An improved TCP protocol machine for flow analysis and network monitoring

Heshmatollah Khosravi*, Masaki Fukushima, Shigeki Goto


    研究成果: Article査読


    In the Internet, flow analysis and network monitoring have been studied by various methods. Some methods try to make TCP (Transport Control Protocol) traces more readable by showing them graphically. Others such as MRTG, NetScope, and NetFlow read the traffic counters of the routers and record the data for traffic engineering. Even if all of the above methods are useful, they are made only to perform a single task. This paper describes an improved TCP Protocol Machine, a multipurpose tool that can be used for flow analysis, intrusion detection and link congestion monitoring. It is developed based on a finite state machine (automation). The machine separates the flows into two main groups. If a flow can be mapped to a set of input symbols of the automation, it is valid, otherwise it is invalid. It can be observed that intruders' attacks are easily detected by the use of the protocol machine. Also link congestion can be monitored, by measuring the percentage of valid flows to the total number of flows. We demonstrate the capability of this tool through measurement and working examples.

    ジャーナルIEICE Transactions on Communications
    出版ステータスPublished - 2003 2月

    ASJC Scopus subject areas

    • 電子工学および電気工学
    • コンピュータ ネットワークおよび通信


    「An improved TCP protocol machine for flow analysis and network monitoring」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。