Traffic Measurement and Analysis

Overview

An important prerequisite for many network operation tasks today is the availability of traffic measurement functions that provide information about the current traffic characteristics with low latency. The resulting measurement data can then be analyzed and interpreted in order to classify the traffic into application classes, to detect malicious activities (e.g., worm outbreaks or botnet traffic), or to detect network malfunctions. Furthermore, communication patterns observed in a network allow inferring dependencies between different service, which is useful to identify the most critical components and end systems in a network.

Our research work focuses on the development and evaluation of novel passive traffic measurement functions, in particular for real-time packet-level and flow-level measurements, as well as the analysis of packet and flow data for traffic classification and the detection of attacks and anomalies. Furthermore, we contribute to standardization bodies, especially to the IETF.

Packet and Flow-based Traffic Measurement

Packet-based traffic measurements deal with the capturing of traffic traces which contain packet header information and optionally parts of the payload as well. Typical systems performing packet-based traffic measurements are network analyzers and network-based intrusion detection systems which analyze the captured packets directly. However, it is also possible to capture the traffic at routers and network monitors which export the resulting measurement data to a remote analysis systems. A recent IETF standard for the export of packet reports to a remote collector is the PSAMP protocol specified in RFC5476.

Packet-based traffic measurements in high-speed networks require a lot of computational and memory resources. A less demanding alternative are flow-based traffic measurements which gather statistics about flows of packets sharing a set of common properties called flow keys. A typical set of flow keys consists of the IP quintuple of transport protocol, source IP address, destination IP address, source port, and destination port. The IETF standard for exporting flow records is the IPFIX protocol specified in RFC5101.

Our group is working on advanced monitoring and export functions for PSAMP and IPFIX compliant devices. For evaluation and practical deployment, we implement these advanced functions as software solutions, mainly in C and C++. Most of this implementation work takes place in the scope of the HISTORY project, which is a joint project with the University of Erlangen, aiming at the development of open-source software tools for high-speed network monitoring and analysis. The main software tool developed in this context is VERMONT, which is a modular monitoring probe supporting IPFIX and PSAMP export and collection.

Members of our group have been actively contributing to the standardization of IPFIX and PSAMP. In particular, we are working on a data model for configuring monitoring devices. Further standardization initiatives concern the secure and efficient transport of monitoring data using encryption and compression methods.

Configuration of Monitoring Probes

Attack and Anomaly Detection

The detection of harmful traffic caused by attacks, worms, or botnets still is an interesting research topic. Although abundant research work has been conducted in this area, the emergence of new security threats (e.g., flux and fast-flux botnets) and the ever changing characteristics of benign network utilization (e.g., mobile web 2.0 applications) require a continuous research effort.

One of our research activities in this area deals with the investigation of worm and botnet traffic. With the resulting knowledge, we develop innovative monitoring and detection functions which enable the detection of such malicious traffic with limited computational and memory resources. Furthermore, we work on methods for detecting traffic anomalies in flow data. Since many anomalies are the result of harmless traffic variations, the principal objective is to find appropriate traffic metrics and detection methods which are primarily sensitive to incidents which are of potential relevance for the network administrator.

Traffic Classification

Network operators are interested in identifying the traffic of different applications in order to monitor and control the utilization of the available network resources. Since the traffic of many new applications cannot be identified by specific port numbers, deep packet inspection (DPI) is the current technology of choice. However, DPI is very costly as it requires a lot of computational resources as well as up-to-date signatures of all relevant applications. Furthermore, DPI is limited to unencrypted traffic. 

In order to overcome the limitations and drawbacks of port and content-based traffic classification, the development of statistical classification methods has become an important area of research. As part of the LUPUS project, our goal is to find new traffic properties and metrics which can be derived from passive traffic measurements and which allow us to better distinguish between different protocols and applications. Thereby, we concentrate on statistical methods which are easy to implement and to deploy in real networks.

Scientists: Dominik Scholz, M.Sc., Johannes Zirngibl, M.Sc., Patrick Sattler, M.Sc., Benedikt Jaeger, M. Sc., Dr. Ralph Holz, Dr. Johann Schlamp, Edwin Cordeiro, M.Sc., Henning Stubbe, Kilian Holzinger, M. Sc., Max Helm, M. Sc., Jonas Andre, M. Sc., Markus Sosnowski, M.Sc.

Projects: ModANet, AI4Performance, MOONSHINE, AutoMon, X-Check, SENDATE, I2RS, Peeroskop, HISTORY - HIgh Speed neTwork mOnitoRing and analYsis, Diadem Firewall, Vermont, DFG LUPUS, COST TMA, SASER

Publications

2020-12-01 Dominik Scholz, Sebastian Gallenmüller, Henning Stubbe, Georg Carle, “SYN Flood Defense in Programmable Data Planes,” in 3rd P4 Workshop in Europe (EUROP4), Barcelona, Spain, Dec. 2020. [Bib]
2020-09-01 Dominik Scholz, Henning Stubbe, Sebastian Gallenmüller, Georg Carle, “Key Properties of Programmable Data Plane Targets,” in Teletraffic Congress (ITC 32), 2020 32nd International, Osaka, Japan, Sep. 2020. [Pdf] [Slides] [Bib]
2020-06-01 Maximilian Pudelko, Paul Emmerich, Sebastian Gallenmüller, Georg Carle, “Performance Analysis of VPN Gateways,” in IFIP Networking 2020, Paris, France, Jun. 2020. [Pdf] [Bib]
2020-01-01 Samuele Zoppi, Onur Ayan, Fabio Molinari, Zenit Music, Sebastian Gallenmüller, Georg Carle, Wolfgang Kellerer, “NCSbench: Reproducible Benchmarking Platform for Networked Control Systems,” in 2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC) (CCNC 2020), Las Vegas, USA, Jan. 2020. [Pdf] [Bib]
2019-12-01 Charles Shelbourne, Leonardo Linguaglossa, Aldo Lipani, Tianzhu Zhang, Fabien Geyer, “On the Learnability of Software Router Performance via CPU Measurements,” in Proceedings of the 2019 CoNEXT Student Workshop, Orlando, USA, Dec. 2019. [Pdf] [Rawdata] [DOI] [Bib]
2019-09-01 Dominik Scholz, Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmüller, Henning Stubbe, Thomas Wild, Andreas Herkersdorf, Georg Carle, “Cryptographic Hashing in P4 Data Planes,” in 2nd P4 Workshop in Europe (EUROP4), Cambridge, UK, Sep. 2019. [Pdf] [Slides] [DOI] [Bib]
2019-06-01 Leonardo Linguaglossa, Fabien Geyer, Wenqin Shao, Frank Brockners, Georg Carle, “Demonstrating the Cost of Collecting In-Network Measurements for High-Speed VNFs,” in IFIP TMA Demo, Paris, France, Jun. 2019. [Pdf] [DOI] [Bib]
2019-05-01 Benedikt Jaeger, Dominik Scholz, Daniel Raumer, Fabien Geyer, Georg Carle, “Reproducible Measurements of TCP BBR Congestion Control,” Computer Communications, vol. 144, pp. 31–43, May 2019. [Pdf] [DOI] [Bib]
2019-05-01 Fabien Geyer, Stefan Schmid, “DeepMPLS: Fast Analysis of MPLS Configurations Using Deep Learning,” in Proceedings of the 18th International IFIP TC6 Networking Conference, Warsaw, Poland, May 2019. [Pdf] [Slides] [Sourcecode] [Rawdata] [DOI] [Bib]
2019-04-01 Fabien Geyer, Steffen Bondorf, “DeepTMA: Predicting Effective Contention Models for Network Calculus using Graph Neural Networks,” in Proceedings of the 38th IEEE International Conference on Computer Communications (INFOCOM 2019), Paris, France, Apr. 2019. [Pdf] [Rawdata] [DOI] [Bib]
2019-03-01 Wouter B. de Vries, Quirin Scheitle, Moritz Müller, Willem Toorop, Ralph Dolmans, Roland van Rijswijk-Deij, “A First Look at QNAME Minimization in the Domain Name System,” in Proceedings of the Passive and Active Measurement Conference (PAM 2019), Best Dataset Award, Puerto Varas, Chile, Mar. 2019. [Url] [Bib]
2019-03-01 Sebastian Gallenmüller, René Glebke, Stephan Günther, Eric Hauser, Maurice Leclaire, Stefan Reif, Jan Rüth, Andreas Schmidt, Georg Carle, Thorsten Herfet, Wolfgang Schröder-Preikschat, Klaus Wehrle, “Enabling Wireless Network Support for Gain Scheduled Control,” in 2nd International Workshop on Edge Systems, Analytics and Networking (EdgeSys ’19), Dresden, Germany, Mar. 2019. [Url] [Pdf] [DOI] [Bib]
2018-12-01 Cornelius Diekmann, Johannes Naab, Andreas Korsten, Georg Carle, “Agile Network Access Control in the Container Age,” IEEE Transactions on Network and Service Management, Dec. 2018. [Pdf] [DOI] [Bib]
2018-11-01 Quirin Scheitle, Oliver Hohlfeld, Julien Gamba, Jonas Jelten, Torsten Zimmermann, Stephen D. Strowes, Narseo Vallina-Rodriguez, “A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists,” in Internet Measurement Conference (IMC’18), IMC’18 Community Contribution Award, Boston, USA, Nov. 2018, pp. 478–493. [Homepage] [Rawdata] [Arxiv] [DOI] [Bib]
2018-11-01 Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C. Schmidt, Matthias Wählisch, “The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem,” in Internet Measurement Conference (2018), Boston, USA, Nov. 2018, pp. 343–349. [Rawdata] [Arxiv] [DOI] [Bib]
2018-11-01 Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczynski, Stephen D. Strowes, Luuk Hendriks, Georg Carle, “Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists,” in Proceedings of the 2018 Internet Measurement Conference, New York, NY, USA, Nov. 2018. [Pdf] [Slides] [Homepage] [Rawdata] [Arxiv] [Blog] [DOI] [Bib]
2018-10-01 Paul Emmerich, Maximilian Pudelko, Quirin Scheitle, Georg Carle, “Efficient Dynamic Flow Tracking for Packet Analyzers,” in CloudNet, Tokyo, Japan, Oct. 2018. [Pdf] [Bib]
2018-10-01 Simon Bauer, Daniel Raumer, Paul Emmerich, Georg Carle, “Intra-node Resource Isolation for SFC with SR-IOV,” in IEEE 7th International Conference on Cloud Networking (CloudNet’18), Tokyo, Japan, Oct. 2018. [Pdf] [Bib]
2018-09-01 Dominik Scholz, Daniel Raumer, Paul Emmerich, Alexander Kurtz, Krzysztof Lesiak, Georg Carle, “Performance Implications of Packet Filtering with Linux eBPF,” in Teletraffic Congress (ITC 30), 2018 30th International, Vienna, Austria, Sep. 2018. [Pdf] [Slides] [Bib]
2018-07-01 Simon Bauer, Daniel Raumer, Paul Emmerich, Georg Carle, “Behind the scenes: what device benchmarks can tell us,” in The Applied Networking Research Workshop 2018 (ANRW ’18), Montreal, Canada, Jul. 2018. [Pdf] [Rawdata] [Bib]
2018-06-01 Erkin Kirdan, Daniel Raumer, Paul Emmerich, Georg Carle, “Building a Traffic Policer for DDoS Mitigation on Top of Commodity Hardware,” in International Symposium on Networks, Computers and Communications (ISNCC’18), Rome, Italy, Jun. 2018. [Pdf] [Bib]
2018-05-01 Dominik Scholz, Benedikt Jaeger, Lukas Schwaighofer, Daniel Raumer, Fabien Geyer, Georg Carle, “Towards a Deeper Understanding of TCP BBR Congestion Control,” in IFIP Networking 2018, Zurich, Switzerland, May 2018. [Pdf] [Sourcecode] [DOI] [Bib]
2018-04-01 Sebastian Gallenmüller, Stephan Günther, Maurice Leclaire, Samuele Zoppi, Fabio Molinari, Richard Schöffauer, Wolfgang Kellerer, Georg Carle, “Benchmarking Networked Control Systems,” in 1st Workshop on Benchmarking Cyber-Physical Networks and Systems, Oporto, Portugal, Apr. 2018. [Pdf] [Bib]
2018-04-01 Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, Georg Carle, “A First Look at Certification Authority Authorization (CAA),” ACM SIGCOMM Computer Communications Review (CCR), Apr. 2018. [Url] [Pdf] [Preprint] [Homepage] [Rawdata] [Bib]
2018-03-01 Quirin Scheitle, Jonas Jelten, Oliver Hohlfeld, Luca Ciprian, Georg Carle, “Structure and Stability of Internet Top Lists,” in PAM’18 Poster, Berlin, Mar. 2018. [Arxiv] [Bib]
2018-03-01 Oliver Gasser, Benjamin Hof, Max Helm, Maciej Korczynski, Ralph Holz, Georg Carle, “In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements,” in Proceedings of the Passive and Active Measurement Conference (PAM 2018), Best Paper Award, Berlin, Germany, Mar. 2018. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Blog] [Bib]
2018-03-01 Tobias Brunnwieser, Oliver Gasser, Sree Harsha Totakura, Georg Carle, “Live Detection and Analysis of HTTPS Interceptions,” in Passive and Active Measurement Conference (PAM), Poster, Berlin, Germany, Mar. 2018. [Pdf] [Poster] [Bib]
2018-01-01 Sebastian Gallenmüller, Dominik Scholz, Florian Wohlfart, Quirin Scheitle, Paul Emmerich, Georg Carle, “High-Performance Packet Processing and Measurements (Invited Paper),” in 10th International Conference on Communication Systems & Networks (COMSNETS 2018), Bangalore, India, Jan. 2018. [Pdf] [Bib]
2017-11-01 Johanna Amann*, Oliver Gasser*, Quirin Scheitle*, Lexi Brent, Georg Carle, Ralph Holz, “Mission Accomplished? HTTPS Security after DigiNotar,” in Proceedings of the Internet Measurement Conference (IMC 2017), IMC’17 Community Contribution Award, IRTF Applied Networking Research Prize (ANRP) 2018, London, UK, Nov. 2017. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2017-11-01 Patricia Callejo, Connor Kelton, Narseo Vallina-Rodriguez, Rubén Cuevas, Oliver Gasser, Christian Kreibich, Florian Wohlfart, Ángel Cuevas, “Opportunities and Challenges of Ad-based Measurements from the Edge of the Network,” in Proc. of the 16th ACM Workshop on Hot Topics in Networks, Nov. 2017. [Pdf] [Bib]
2017-10-01 Oliver Gasser, Quirin Scheitle, Benedikt Rudolph, Carl Denis, Nadja Schricker, Georg Carle, “The Amplification Threat Posed by Publicly Reachable BACnet Devices,” Journal of Cyber Security and Mobility, Oct. 2017. [Url] [Pdf] [Bib]
2017-09-01 Daniel Raumer, Simon Bauer, Paul Emmerich, Georg Carle, “Performance Implications for Intra-node Placement of Network Function Chains,” in IEEE 6th International Conference on Cloud Networking (CloudNet’17), Prague, Czech Republic, Sep. 2017. [Pdf] [Bib]
2017-08-01 Quirin Scheitle, Matthias Wählisch, Oliver Gasser, Thomas C. Schmidt, Georg Carle, “Towards an Ecosystem for Reproducible Research in Computer Networking,” in ACM SIGCOMM Reproducibility Workshop, Los Angeles, USA, Aug. 2017. [Pdf] [Slides] [Bib]
2017-07-01 Paul Emmerich, Daniel Raumer, Sebastian Gallenmüller, Florian Wohlfart, Georg Carle, “Throughput and Latency of Virtual Switching with Open vSwitch: A Quantitative Analysis,” Journal of Network and Systems Management, Jul. 2017. [Pdf] [DOI] [Bib]
2017-06-01 Paul Emmerich, Maximilian Pudelko, Sebastian Gallenmüller, Georg Carle, “FlowScope: Efficient Packet Capture and Storage in 100 Gbit/s Networks,” in IFIP Networking 2017, Stockholm, Sweden, Jun. 2017. [Pdf] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Patrick Sattler, Georg Carle, “HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks,” in Network Traffic Measurement and Analysis Conference (TMA), Best Dataset Award, Dublin, Ireland, Jun. 2017. [Pdf] [Slides] [Rawdata] [Arxiv] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Georg Carle, “Large-Scale Classification of IPv6-IPv4 Siblings with Variable Clock Skew,” in Network Traffic Measurement and Analysis Conference (TMA), Jun. 2017. [Pdf] [Slides] [Rawdata] [Recording] [Arxiv] [Bib]
2017-06-01 Matthias Wachs, Quirin Scheitle, Georg Carle, “Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication,” in Network Traffic Measurement and Analysis Conference (TMA), Best Paper Award TMA’17, IEEE ComSoc ITC Best Paper Award 2017, Jun. 2017. [Pdf] [Slides] [Recording] [Bib]
2017-05-01 Wolfgang Hahn, Borislava Gajic, Florian Wohlfart, Daniel Raumer, Paul Emmerich, Sebastian Gallenmüller, Georg Carle, “Feasibility of Compound Chained Network Functions for Flexible Packet Processing,” in International Workshop on 5G Enabling Technologies for the Internet of Things (GET-IoT) at the 23rd European Wireless (EW2017), Dresden, Germany, May 2017. [Pdf] [Bib]
2017-05-01 Sebastian Gallenmüller, Paul Emmerich, Rainer Schönberger, Daniel Raumer, Georg Carle, “Building Fast but Flexible Software Routers,” in ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS 2017), Beijing, China, May 2017. [Pdf] [Poster] [Bib]
2017-05-01 Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Security Implications of Publicly Reachable Building Automation Systems,” in Proc. 2nd Int. Workshop on Traffic Measurements for Cybersecurity, San Jose, CA, USA, May 2017. [Pdf] [Bib]
2017-02-01 Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker, Georg Carle, “Öffentlich erreichbare Gebäudeautomatisierung: Amplification-Anfälligkeit von BACnet und Deployment-Analyse im Internet und DFN,” in 24. DFN-Konferenz Sicherheit in vernetzten Systemen, Hamburg, Germany, Feb. 2017. [Pdf] [Bib]
2016-10-01 Julius Michaelis, Cornelius Diekmann, “LOFT – Verified Migration of Linux Firewalls to SDN,” Archive of Formal Proofs, Oct. 2016. Formal proof development [Url] [Bib]
2016-10-01 Daniel Raumer, Sebastian Gallenmüller, Paul Emmerich, Lukas Märdian, Florian Wohlfart, Georg Carle, “Efficient Serving of VPN Endpoints on COTS Server Hardware,” in 2016 IEEE 5th tnternational Conference on Cloud Networking (CloudNet’16), Pisa, Italy, Oct. 2016. [Pdf] [Bib]
2016-09-01 Cornelius Diekmann, Lars Hupel, “Iptables_Semantics,” Archive of Formal Proofs, Sep. 2016. Formal proof development [Url] [Bib]
2016-09-01 Sebastian Gallenmüller, Maurice Leclaire, Stephan Günther, Georg Carle, “MOONSHINE – Measurements for Composable Performance Models of Cyber-Physical Network Components,” in International Symposium on Networked Cyber-Physical Systems (NET-CPS 2016), Garching, Germany, Sep. 2016. [Poster] [Bib]
2016-08-01 Julius Michaelis, Cornelius Diekmann, “Routing,” Archive of Formal Proofs, Aug. 2016. Formal proof development [Url] [Bib]
2016-08-01 Cornelius Diekmann, Julius Michaelis, Max Haslbeck, “Simple Firewall,” Archive of Formal Proofs, Aug. 2016. Formal proof development [Url] [Bib]
2016-07-01 Daniel Raumer, Sebastian Gallenmüller, Florian Wohlfart, Paul Emmerich, Patrick Werneck, Georg Carle, “Revisiting Benchmarking Methodology for Interconnect Devices,” in The Applied Networking Research Workshop 2016 (ANRW ’16), Berlin, Germany, Jul. 2016. [Pdf] [Bib]
2016-06-01 Cornelius Diekmann, Julius Michaelis, Lars Hupel, “IP Addresses,” Archive of Formal Proofs, Jun. 2016. Formal proof development [Url] [Bib]
2016-06-01 Johann Schlamp, Ralph Holz, Quentin Jacquemart, Georg Carle, Ernst Biersack, “HEAP: Reliable Assessment of BGP Hijacking Attacks,” IEEE Journal on Selected Areas in Communications, Special Issue on Measuring and Troubleshooting the Internet: Algorithms, Tools and Applications; Volume 34 #6; ISSN: 0733-8716, pp. 1849–1861, Jun. 2016. [Bib]
2016-04-01 Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Url] [Pdf] [Slides] [Bib]
2016-04-01 Oliver Gasser, Felix Emmert, Georg Carle, “Digging for Dark IPMI Devices: Advancing BMC Detection and Evaluating Operational Security,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Pdf] [Bib]
2015-11-01 Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Sourcecode] [Rawdata] [DOI] [Bib]
2015-11-01 Cornelius Diekmann, Andreas Korsten, Georg Carle, “Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations,” in 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Slides] [Sourcecode] [DOI] [Bib]
2015-11-01 Stanislav Lange, Anh Nguyen-Ngoc, Steffen Gebert, Thomas Zinner, Michael Jarschel, Andreas Koepsel, Marc S. Clos, Daniel Raumer, Sebastian Gallenmüller, Georg Carle, Phuoc Tran-Gia, “Performance Benchmarking of an LTE SGW,” in 2nd International Workshop on Management of SDN and NFV Systems 2015, Nov. 2015. [Pdf] [Bib]
2015-10-01 Paul Emmerich, Sebastian Gallenmüller, Daniel Raumer, Florian Wohlfart, Georg Carle, “MoonGen: A Scriptable High-Speed Packet Generator,” in Internet Measurement Conference (IMC) 2015, IRTF Applied Networking Research Prize 2017, Tokyo, Japan, Oct. 2015. [Pdf] [Bib]
2015-09-01 Daniel Raumer, Florian Wohlfart, Dominik Scholz, Georg Carle, “Performance Exploration of Software-based Packet Processing Systems,” in Proceedings of Leistungs-, Zuverlässigkeits- und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 6. GI/ITG-Workshop MMBnet 2015, Hamburg, Germany, Sep. 2015. [Pdf] [Bib]
2015-09-01 Torsten Runge, Daniel Raumer, Florian Wohlfart, Bernd E. Wolfinger, Georg Carle, “How Do Multiple Network Cards Influence the Software Router Performance?,” in Proceedings of Leistungs-, Zuverlässigkeits- und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 6. GI/ITG-Workshop MMBnet 2015, Hamburg, Germany, Sep. 2015. [Pdf] [Bib]
2015-06-01 Cornelius Diekmann, Lars Hupel, Georg Carle, “Semantics-Preserving Simplification of Real-World Firewall Rule Sets,” in 20th International Symposium on Formal Methods, Jun. 2015, pp. 195–212. [Url] [Preprint] [Slides] [Sourcecode] [Rawdata] [DOI] [Bib]
2015-06-01 Viktor Goldberg, Florian Wohlfart, Daniel Raumer, “Datacenter Network Virtualization in Multi-Tenant Environments,” in 8. DFN-Forum Kommunikationstechnologien, Jun. 2015. [Pdf] [Bib]
2015-05-01 Sebastian Gallenmüller, Paul Emmerich, Florian Wohlfart, Daniel Raumer, Georg Carle, “Comparison of Frameworks for High-Performance Packet IO,” in ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS 2015), Oakland, CA, USA, May 2015. [Pdf] [Bib]
2015-05-01 Sebastian Gallenmüller, Paul Emmerich, Daniel Raumer, Georg Carle, “MoonGen: Software Packet Generation for 10 Gbit and Beyond,” in 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 15), Oakland, CA, USA, May 2015. [Pdf] [Poster] [Bib]
2015-04-01 Paul Emmerich, Daniel Raumer, Florian Wohlfart, Georg Carle, “Assessing Soft- and Hardware Bottlenecks in PC-based Packet Forwarding Systems,” in Fourteenth International Conference on Networks (ICN 2015), Best Paper Award, Barcelona, Spain, Apr. 2015. [Pdf] [Bib]
2015-04-01 Timm Böttger, Lothar Braun, Oliver Gasser, Felix von Eye, Helmut Reiser, Georg Carle, “DoS Amplification Attacks – Protocol-Agnostic Detection of Service Abuse in Amplifier Networks,” in Proc. 7th Int. Workshop on Traffic Monitoring and Analysis, Barcelona, Spain, Apr. 2015. [Pdf] [Bib]
2015-04-01 Torsten M. Runge, Daniel Raumer, Florian Wohlfart, Bernd E. Wolfinger, Georg Carle, “Towards Low Latency Software Routers,” Journal of Networks (JNW), Vol 10, No 4, Apr. 2015. [Pdf] [Bib]
2015-04-01 Johann Schlamp, Ralph Holz, Oliver Gasser, Andreas Korsten, Quentin Jacquemart, Georg Carle, Ernst W. Biersack, “Investigating the Nature of Routing Anomalies: Closing in on Subprefix Hijacking Attacks,” in Proc. 7th Int. Workshop on Traffic Monitoring and Analysis, Barcelona, Spain, Apr. 2015. [Pdf] [Bib]
2015-03-01 Alexander Beifuß, Daniel Raumer, Paul Emmerich, Torsten M. Runge, Florian Wohlfart, Bernd E. Wolfinger, Georg Carle, “A Study of Networking Software Induced Latency,” in 2nd International Conference on Networked Systems 2015 (NetSys’15), Cottbus, Germany, Mar. 2015. [Pdf] [Bib]
2015-02-01 Felix von Eye, Timm Böttger, Helmut Reiser, Lothar Braun, Oliver Gasser, Georg Carle, “Detektion und Prävention von Denial-of-Service Amplification Attacken – Schutz des Netzes aus Sicht eines Amplifiers,” in Sicherheit in vernetzten Systemen: 22. DFN-Konferenz, Norderstedt, Deutschland, Feb. 2015, 1. Aufl., pp. H-1–H-13. [Bib]
2014-12-01 Paul Emmerich, Daniel Raumer, Florian Wohlfart, Georg Carle, “A Study of Network Stack Latency for Game Servers,” in 13th Annual Workshop on Network and Systems Support for Games (NetGames’14), Nagoya, Japan, Dec. 2014. [Pdf] [Bib]
2014-10-01 Paul Emmerich, Daniel Raumer, Florian Wohlfart, Georg Carle, “Performance Characteristics of Virtual Switching,” in 2014 IEEE 3rd International Conference on Cloud Networking (CloudNet’14), Luxembourg, Oct. 2014. [Pdf] [Bib]
2014-09-01 Daniel Raumer, Lukas Schwaighofer, Georg Carle, “MonSamp: A Distributed SDN Application for QoS Monitoring,” in Proceedings of the Federated Conference on Computer Science and Information Systems (FedCSIS’14), 1st Workshop on Software-Defined Networking, Warsaw, Poland, Sep. 2014. [Pdf] [Bib]
2014-07-01 Torsten Meyer, Daniel Raumer, Florian Wohlfart, Bernd E. Wolfinger, Georg Carle, “Low latency Packet Processing in Software Routers,” in International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS 2014), Best Paper Award, Monterey, CA, USA, Jul. 2014. [Pdf] [Bib]
2014-05-01 Cornelius Diekmann, Lars Hupel, Georg Carle, “Directed Security Policies: A Stateful Network Implementation,” in Engineering Safety and Security Systems, Singapore, May 2014, vol. 150, pp. 20–34. [Url] [Pdf] [Preprint] [Slides] [Sourcecode] [DOI] [Bib]
2014-05-01 Oliver Gasser, Ralph Holz, Georg Carle, “A deeper understanding of SSH: results from Internet-wide scans,” in Proc. 14th Network Operations and Management Symposium (NOMS), Krakow, Poland, May 2014. [Pdf] [Bib]
2014-03-01 Torsten Meyer, Florian Wohlfart, Daniel Raumer, Bernd E. Wolfinger, Georg Carle, “Validated Model-Based Prediction of Multi-Core Software Router Performance,” Praxis der Informationsverarbeitung und Kommunikation (PIK), vol. 37.2, pp. 93–107, Mar. 2014. [Pdf] [Bib]
2013-09-01 Torsten Meyer, Florian Wohlfart, Daniel Raumer, Bernd E. Wolfinger, Georg Carle, “Measurement and Simulation of High-Performance Packet Processing in Software Routers,” in Proceedings of Leistungs-, Zuverlässigkeits- und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 5. GI/ITG-Workshop MMBnet 2013, Hamburg, Germany, Sep. 2013. [Pdf] [Bib]
2013-05-01 Lothar Braun, Cornelius Diekmann, Nils Kammenhuber, Georg Carle, “Adaptive Load-Aware Sampling for Network Monitoring on Multicore Commodity Hardware,” in IFIP Networking 2013, New York, NY, May 2013. [Url] [Pdf] [Preprint] [Sourcecode] [Bib]
2012-10-01 Gerhard Münz, Benoit Claise, Paul Aitken, “Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols.” RFC 6728, Oct-2012. [Url] [Bib]
2012-10-01 Thomas Kothmayr, Corinna Schmitt, Wen Hu, Michael Bruenig, Georg Carle, “A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication,” in Seventh IEEE International Workshop on Practical Issues in Building Sensor Network Applications (SenseApp), Clearwater (FL), USA, Oct. 2012. [Bib]
2012-06-01 Thomas Dietz, Atsushi Kobayashi, Benoit Claise, Gerhard Münz, “Definitions of Managed Objects for IP Flow Information Export.” RFC 6615 (Obsoletes RFC 5815), Jun-2012. [Url] [Bib]
2012-03-01 Benoit Claise, Paul Aitken, Andrew Johnson, Gerhard Münz, “IP Flow Information Export (IPFIX) Per Stream Control Transmission Protocol (SCTP) Stream.” RFC 6526, Mar-2012. [Url] [Bib]
2011-11-01 Thomas Kothmayr, Wen Hu, Corinna Schmitt, Michael Brünig, Georg Carle, “Securing the Internet of Things with DTLS,” in Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys), Poster Session, Seattle, USA, Nov. 2011. [Bib]
2011-09-01 Lothar Braun, Corinna Schmitt, Benoit Claise, Georg Carle, “Compressed IPFIX for smart meters in constrained networks.” Internet-Draft (work in progress), draft-braun-core-compressed-ipfix-03.txt, Sep-2011. [Url] [Bib]
2011-04-01 Atsushi Kobayashi, Benoit Claise, Gerhard Münz, Keisuke Ishibashi, “IP Flow Information (IPFIX) Mediation: Framework.” RFC 6183, Apr-2011. [Url] [Bib]
2011-03-01 Gerhard Münz, Stephan Heckmüller, Lothar Braun, Georg Carle, “Improving Markov-based TCP Traffic Classification,” in Proceedings of Communication in Distributed Systems (KiVS) 2011, Kiel, Germany, Mar. 2011. [Url] [Bib]
2011-03-01 Daniel Mentz, Gerhard Münz, Lothar Braun, “Recommendations for Implementing IPFIX over DTLS.” Internet-Draft (work in progress), draft-mentz-ipfix-dtls-recommendations-02, Mar-2011. [Url] [Bib]
2010-11-01 Lothar Braun, Alexander Didebulidze, Nils Kammenhuber, Georg Carle, “Comparing and Improving Current Packet Capturing Solutions based on Commodity Hardware,” in Proceedings of the Internet Measurement Conference (IMC 2010), Melbourne, Australia, Nov. 2010. [Bib]
2010-06-01 Stephan Heckmüller, Gerhard Münz, Lothar Braun, Aaron Kunde, Bernd E. Wolfinger, Georg Carle, “Lasttransformation durch Rekonstruktion von Auftragslängen anhand von Paketdaten,” Praxis der Informationsverarbeitung und Kommunikation (PIK), vol. 33, no. 2, Jun. 2010. [Url] [Bib]
2010-06-01 Gerhard Münz, Lothar Braun, Hui Dai, Georg Carle, “TCP-Verkehrsklassifizierung mit Markov-Modellen,” Praxis der Informationsverarbeitung und Kommunikation (PIK), vol. 33, no. 2, Jun. 2010. [Url] [Bib]
2010-04-01 Gerhard Münz, Hui Dai, Lothar Braun, Georg Carle, “TCP traffic classification using Markov models,” in Proceedings of Traffic Monitoring and Analysis Workshop (TMA) 2010, Zurich, Switzerland, Apr. 2010. [Url] [Bib]
2010-04-01 Lothar Braun, Gerhard Münz, Georg Carle, “Packet Sampling for Worm and Botnet Detection in TCP Connections,” in Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS) 2010, Osaka, Japan, Apr. 2010. [Url] [Bib]
2010-04-01 Thomas Dietz, Atsushi Kobayashi, Benoit Claise, Gerhard Münz, “Definitions of Managed Objects for IP Flow Information Export.” RFC 5815, Apr-2010. [Url] [Bib]
2010-04-01 Corinna Schmitt, Lothar Braun, Thomas Kothmayr, Georg Carle, “Collecting Sensor Data using Compressed IPFIX,” in Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN), Poster Session, Stockholm, Sweden, Apr. 2010. [Bib]
2010-02-01 Thomas Kothmayr, Corinna Schmitt, Lothar Braun, Georg Carle, “Gathering Sensor Data in Home Networks with IPFIX,” in Proceedings of the 7th European Conference on Wireless Sensor Networks (EWSN 2010), Coimbra, Portugal, Feb. 2010. [Bib]
2009-09-01 Hui Dai, Gerhard Münz, Lothar Braun, Georg Carle, “TCP-Verkehrsklassifizierung mit Markov-Modellen,” in Proceedings of Leistungs-, Zuverlässigkeits- und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 5. GI/ITG-Workshop MMBnet 2009, Hamburg, Germany, Sep. 2009. [Url] [Bib]
2009-09-01 Stephan Heckmüller, Gerhard Münz, Lothar Braun, Aaron Kunde, Bernd E. Wolfinger, Georg Carle, “Lasttransformation durch Rekonstruktion von Auftragslängen anhand von Paketdaten,” in Proceedings of Leistungs-, Zuverlässigkeits- und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 5. GI/ITG-Workshop MMBnet 2009, Hamburg, Germany, Sep. 2009. [Url] [Bib]
2009-03-01 Thomas Dietz, Benoit Claise, Paul Aitken, Falko Dressler, Georg Carle, “Information Model for Packet Sampling Exports.” RFC 5477, Mar-2009. [Url] [Bib]
2008-10-01 Gerhard Münz, Georg Carle, “Application of Forecasting Techniques and Control Charts for Traffic Anomaly Detection,” in Proceedings of the 19th ITC Specialist Seminar on Network Usage and Traffic, Berlin, Germany, Oct. 2008. [Url] [Bib]
2008-07-01 Falko Dressler, Christoph Sommer, Gerhard Münz, Atsushi Kobayashi, “IPFIX Flow Aggregation.” Internet-Draft (work in progress), draft-dressler-ipfix-aggregation-05, Jul-2008. [Url] [Bib]
2008-07-01 Gerhard Münz, Lothar Braun, “Lossless Compression for IP Flow Information Export (IPFIX).” Internet-Draft (work in progress), draft-muenz-ipfix-compression-00, Jul-2008. [Url] [Bib]
2008-07-01 Christoph Sommer, Falko Dressler, Gerhard Münz, “Mediator-Specific Extensions to IPFIX Protocol and Information Model.” Internet-Draft (work in progress), draft-sommer-ipfix-mediator-ext-01, Jul-2008. [Url] [Bib]
2008-07-01 Christoph Sommer, Falko Dressler, Gerhard Münz, “Rich Template Set Extension to the IPFIX Protocol.” Internet-Draft (work in progress), draft-sommer-ipfix-richtemplate-00, Jul-2008. [Url] [Bib]
2008-04-01 Gerhard Münz, Georg Carle, “Distributed Network Analysis using TOPAS and Wireshark,” in Proceedings of IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon 2008), Salvador-Bahia, Brazil, Apr. 2008. [Url] [Bib]
2007-11-01 Gerhard Münz, Nico Weber, Georg Carle, “Signature Detection in Sampled Packets,” in Proceedings of Workshop on Monitoring, Attack Detection and Mitigation (MonAM) 2007, Toulouse, France, Nov. 2007. [Url] [Bib]
2007-09-01 Gerhard Münz, Sa Li, Georg Carle, “Traffic Anomaly Detection Using K-Means Clustering,” in Proceedings of Leistungs-, Zuverlässigkeits- und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 4. GI/ITG-Workshop MMBnet 2007, Hamburg, Germany, Sep. 2007. [Url] [Bib]
2007-05-01 Gerhard Münz, Georg Carle, “Real-Time Analysis of Flow Data for Network Attack Detection,” in Proceedings of IFIP/IEEE Symposium on Integrated Management (IM) 2007, Munich, Germany, May 2007. [Url] [Bib]
2007-03-01 Ali Fessi, Georg Carle, Falko Dressler, Jürgen Quittek, Cornelia Kappler, H. Tschofenig, “NSLP for Metering Configuration Signaling.” Internet-Draft (work in progress), draft-dressler-nsis-metering-nslp-05.txt, Mar-2007. [Url] [Bib]
2007-03-01 Ali Fessi, Cornelia Kappler, Chang Fan, Falko Dressler, Andreas Klenk, “Framework for Metering NSLP.” Internet-Draft (work in progress), draft-fessi-nsis-m-nslp-framework-04.txt, Mar-2007. [Url] [Bib]
2006-12-01 Fabian Haibl, Falko Dressler, “Anonymization of Measurement and Monitoring Data: Requirements and Solutions,” Praxis der Informationsverarbeitung und Kommunikation (PIK), vol. 29, no. 4, pp. 208–213, Dec. 2006. [Bib]
2006-11-01 Falko Dressler, Gerhard Münz, “Flexible Flow Aggregation for Adaptive Network Monitoring,” in Proceedings of IEEE LCN Workshop on Network Measurements 2006, Tampa, Florida, USA, Nov. 2006. [Url] [Bib]
2006-09-01 Ronny T. Lampert, Christoph Sommer, Gerhard Münz, Falko Dressler, “Vermont - A Versatile Monitoring Toolkit for IPFIX and PSAMP,” in Proceedings of Workshop on Monitoring, Attack Detection and Mitigation (MonAM) 2006, Tuebingen, Germany, Sep. 2006. [Url] [Bib]
2006-07-01 Lothar Braun, Gerhard Münz, “Netzbasierte Angriffs- und Anomalieerkennung mit TOPAS,” in GI FG SIDAR Graduierten-Workshop über Reaktive Sicherheit (SPRING), SIDAR-Report SR-2006-01, Editor: Ulrich Flegel, Berlin, Germany, Jul. 2006. [Url] [Bib]
2006-04-01 Falko Dressler, “Policy-based traffic generation for IP-based networks,” in 25th IEEE Conference on Computer Communications (IEEE INFOCOM 2006), poster session, Barcelona, Spain, Apr. 2006. [Bib]
2006-04-01 Gerhard Münz, Albert Antony, Falko Dressler, Georg Carle, “Using Netconf for Configuring Monitoring Probes,” in Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS) 2006, Poster Session, Vancouver, Canada, Apr. 2006. [Url] [Pdf] [Bib]
2005-12-01 Gerhard Münz, Ali Fessi, Georg Carle, Olivier Paul, Dusan Gabrijelcic, Yannick Carlinet, Sherif Yusuf, Morris Sloman, Vrizlynn Thing, Jan van Lunteren, Patricia Sagmeister, Gero Dittmann, “DIADEM Firewall: Web Server Overload Attack Detection and Response,” in Proceedings of Broadband Europe (BBEurope) 2005, Bordeaux, France, Dec. 2005. [Url] [Bib]
2005-11-01 Andreas Klenk, Philipp Schlicker, Ralph Kühne, Ali Fessi, Changpeng Fan, Falko Dressler, Georg Carle, “Path Coupled Accounting Mechanisms for All IP Networks,” in 6th IEE International Conference on 3G & Beyond (3G 2005), London, UK, Nov. 2005. [Pdf] [Bib]
2005-11-01 Ralph Kühne, Uve Reimer, Morton Schläger, Falko Dressler, Changpeng Fan, Ali Fessi, Andreas Klenk, Georg Carle, “Architecture for a Service-oriented and Convergent Charging in 3G Mobile Networks and Beyond,” in 6th IEE International Conference on 3G & Beyond (3G 2005), London, UK, Nov. 2005. [Url] [Bib]
2005-10-01 Falko Dressler, Andreas Klenk, Cornelia Kappler, Ali Fessi, Georg Carle, “Path-coupled Signaling for Dynamic Metering Configuration in IP-based Networks,” in IFIP 2005 Networking and Electronic Commerce Research Conference (NAEC 2005), Riva del Garda, Italy, Oct. 2005, pp. 388–399. [Pdf] [Bib]
2005-05-01 Uwe Foell, Changpeng Fan, Georg Carle, Falko Dressler, Mehran Roshandel, “Service-Oriented Accounting and Charging for 3G and B3G Mobile Environments,” in 9th IFIP/IEEE International Symposium on Integrated Network Management(IM 2005), Nice, France, May 2005. [Url] [Bib]
2005-03-01 Falko Dressler, Georg Carle, “HISTORY - High Speed Network Monitoring and Analysis,” in 24th IEEE Conference on Computer Communications (IEEE INFOCOM 2005), poster session, Miami, FL, USA, Mar. 2005. [Pdf] [Bib]
2004-10-01 Falko Dressler, Gerhard Münz, Georg Carle, “CATS - Cooperating Autonomous Detection Systems,” in Proceedings of 1st IFIP International Workshop on Autonomic Communication (WAC) 2004, Poster Session, Berlin, Germany, Oct. 2004. [Url] [Pdf] [Bib]
2004-07-01 F. Dressler, Georg Carle, C. Fan, C. Kappler, H. Tschofenig, “NSLP for Accounting Configuration Signaling.” IETF, Jul-2004. [Bib]