INTRODUCTION

One of the primary tasks of network administrators is monitoring routers and switches for anomalous traffic behavior such as outages, configuration changes, flash crowds and abuse. Recognizing and identifying anomalous behavior is often based on ad hoc methods developed from years of experience in managing networks. A variety of commercial and open source tools have been developed to assist in this process; however, these require policies and/or thresholds to be defined by the user in order to trigger alerts. The better the description of the anomalous behavior, the more effective these tools become. In this extended abstract we describe a project focused on precise characterization of anomalous network traffic behavior. The first step in our project is to gather passive measurements of network traffic at the IP flow level. IP flow level data as defined in [1] is a unidirectional series of IP packets of a given protocol traveling between a sourc
Barford et al. (Mon,) studied this question.