System and method for spatially consistent sampling of flow records at constrained, content-dependent rates (Patent)

abstract

  • Disclosed herein are systems, computer-implemented methods, and computer-readable media for sampling network traffic. The method includes receiving a desired quantity of flow records to sample, receiving a plurality of network flow records, each summarizing a network flow of packets, calculating a hash for each flow record based on one or more invariant parts of the respective flow, generating a quasi-random number from the calculated hash for each respective flow record, generating a priority from the calculated hash for each respective flow record, and sampling exactly the desired quantity of flow records, selecting flow records having the highest priority first. In one aspect, the method further partitions the plurality of flow records into groups based on flow origin and destination, generates an individual priority for each partitioned group, and separately samples exactly the desired quantity of flow records from each partitioned group, selecting flows having the highest individual priority first.
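
The steps named in the abstract can be illustrated with a minimal Python sketch. It is not the patented implementation: the record field names (`src`, `dst`, `sport`, `dport`, `proto`, `origin`, `destination`), the choice of SHA-256, and the decision to use the quasi-random number directly as the priority are all assumptions made for illustration. The abstract does not specify how the priority is derived from the hash.

```python
import hashlib
from collections import defaultdict

# Assumed invariant fields: values that stay the same for a flow
# no matter where in the network it is observed (hypothetical names).
INVARIANT_FIELDS = ("src", "dst", "sport", "dport", "proto")


def flow_hash(record, fields=INVARIANT_FIELDS):
    """Hash only the invariant parts of a flow record to a 64-bit integer."""
    key = "|".join(str(record[f]) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big")


def quasi_random(h):
    """Map a 64-bit hash to a deterministic number in (0, 1]."""
    return (h + 1) / 2**64


def priority(h):
    """Assumption: use the quasi-random number itself as the priority."""
    return quasi_random(h)


def sample(records, k):
    """Return the k records with the highest priority.

    If fewer than k records are available, all of them are returned.
    """
    ranked = sorted(records, key=lambda r: priority(flow_hash(r)), reverse=True)
    return ranked[:k]


def sample_by_group(records, k):
    """Partition by (origin, destination) and sample k records per group."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["origin"], r["destination"])].append(r)
    return {g: sample(rs, k) for g, rs in groups.items()}
```

Because the priority depends only on the invariant fields, two observation points that see the same set of flows would select the same flows under this sketch, regardless of arrival order or of fields that differ between the points, such as byte counts.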

author list (cited authors)

  • Duffield, N., Breslau, L. M., Ee, C., Gerber, A., Lund, C., & Sen, S.

complete list of authors

  • Duffield, N; Breslau, LM; Ee, C; Gerber, A; Lund, C; Sen, S

publication date

  • June 2010