Index–Trie: Efficient archival and retrieval of network traffic

Historical network traffic traces, both at the flow and packet level, play a significant role in many research and engineering areas, such as network security, traffic engineering and accounting. To retrieve the specific entries at a higher speed from large traces, each packet or flow should be inde...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2017-09, Vol.124, p.140-156
Hauptverfasser: Xie, Gaogang, Su, Jingxiu, Wang, Xin, He, Taihua, Zhang, Guangxing, Uhlig, Steve, Salamatian, Kave
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 156
container_issue
container_start_page 140
container_title Computer networks (Amsterdam, Netherlands : 1999)
container_volume 124
creator Xie, Gaogang
Su, Jingxiu
Wang, Xin
He, Taihua
Zhang, Guangxing
Uhlig, Steve
Salamatian, Kave
description Historical network traffic traces, both at the flow and packet level, play a significant role in many research and engineering areas, such as network security, traffic engineering and accounting. To retrieve the specific entries at a higher speed from large traces, each packet or flow should be indexed using multiple query fields during archiving. This brings challenges both in terms of archiving speed and storage consumption. We propose a network traffic indexing and querying method based on Index–Trie, to achieve fast archiving, low storage space of the indexes, and fast retrieval. We implemented a system for online trace archival and retrieval. Our experiments, performed both offline and online on backbone, campus and datacenter network traffic, demonstrate that our method outperforms the popular FastBit method. For packet traces, the Index–Trie based method can obtain an improvement up to 72% for the archiving rate, 56% lower storage consumption, and 14 times faster retrieving time. For flow traces, compared to FastBit, our system is up to 15 times faster in term of the archiving rate, 42% less storage, and 100 times faster retrieving speed. Furthermore, we extend the application of Index-Tries to log file indexing and retrieving.
doi_str_mv 10.1016/j.comnet.2017.06.010
format Article
fullrecord <record><control><sourceid>proquest_hal_p</sourceid><recordid>TN_cdi_hal_primary_oai_HAL_hal_01617171v1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S1389128617302542</els_id><sourcerecordid>1950423639</sourcerecordid><originalsourceid>FETCH-LOGICAL-c368t-8e852d822c73fb09c88ec5ffa5cfb2e3307bde8c2b7be7f18c1acfa45063678f3</originalsourceid><addsrcrecordid>eNp9kL1OwzAURiMEEqXwBgyRmBgSru3EdhiQqqpQpEosZbYc51p1aZPipAU23oE35ElwFMSIPPjv3O_aJ4ouCaQECL9Zp6bZ1tilFIhIgadA4CgaESloIoAXx2HNZJEQKvlpdNa2awDIMipH0eSxrvD9-_Nr6R3exjNrnXFYd7H2ZuUOehPruoo9duG63zU2Do3eGv8Sd1739Hl0YvWmxYvfeRw938-W03myeHp4nE4WiWFcdolEmdNKUmoEsyUURko0ubU6N7akyBiIskJpaClKFJZIQ7SxOsuBMy6kZePoeshd6Y3aebfV_kM12qn5ZKH6s2CCiDAOJLBXA7vzzese206tm72vw_MUKXLIKOOsCFQ2UMY3bevR_sUSUL1YtVaDWNWLVcBDDwhld0MZht8eHHrV9soMVs6j6VTVuP8DfgD10YN_</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1950423639</pqid></control><display><type>article</type><title>Index–Trie: Efficient archival and retrieval of network traffic</title><source>ScienceDirect Journals (5 years ago - present)</source><creator>Xie, Gaogang ; Su, Jingxiu ; Wang, Xin ; He, Taihua ; Zhang, Guangxing ; Uhlig, Steve ; Salamatian, Kave</creator><creatorcontrib>Xie, Gaogang ; Su, Jingxiu ; Wang, Xin ; He, Taihua ; Zhang, Guangxing ; Uhlig, Steve ; Salamatian, Kave</creatorcontrib><description>Historical network traffic traces, both at the flow and packet level, play a significant role in many research and engineering areas, such as network security, traffic engineering and accounting. To retrieve the specific entries at a higher speed from large traces, each packet or flow should be indexed using multiple query fields during archiving. This brings challenges both in terms of archiving speed and storage consumption. We propose a network traffic indexing and querying method based on Index–Trie, to achieve fast archiving, low storage space of the indexes, and fast retrieval. We implemented a system for online trace archival and retrieval. Our experiments, performed both offline and online on backbone, campus and datacenter network traffic, demonstrate that our method outperforms the popular FastBit method. For packet traces, the Index–Trie based method can obtain an improvement up to 72% for the archiving rate, 56% lower storage consumption, and 14 times faster retrieving time. For flow traces, compared to FastBit, our system is up to 15 times faster in term of the archiving rate, 42% less storage, and 100 times faster retrieving speed. Furthermore, we extend the application of Index-Tries to log file indexing and retrieving.</description><identifier>ISSN: 1389-1286</identifier><identifier>EISSN: 1872-7069</identifier><identifier>DOI: 10.1016/j.comnet.2017.06.010</identifier><language>eng</language><publisher>Amsterdam: Elsevier B.V</publisher><subject>Archive ; Archiving ; Communications traffic ; Computer centers ; Computer Science ; Flow ; Indexing ; Information retrieval ; Network security ; Networking and Internet Architecture ; On-line systems ; Packet ; Retrieval ; Retrieve ; Traffic control ; Traffic engineering ; Traffic speed</subject><ispartof>Computer networks (Amsterdam, Netherlands : 1999), 2017-09, Vol.124, p.140-156</ispartof><rights>2017 Elsevier B.V.</rights><rights>Copyright Elsevier Sequoia S.A. Sep 4, 2017</rights><rights>Distributed under a Creative Commons Attribution 4.0 International License</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c368t-8e852d822c73fb09c88ec5ffa5cfb2e3307bde8c2b7be7f18c1acfa45063678f3</citedby><cites>FETCH-LOGICAL-c368t-8e852d822c73fb09c88ec5ffa5cfb2e3307bde8c2b7be7f18c1acfa45063678f3</cites><orcidid>0000-0001-5557-9134 ; 0000-0002-3891-2684</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.comnet.2017.06.010$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>230,314,780,784,885,3548,27922,27923,45993</link.rule.ids><backlink>$$Uhttps://hal.science/hal-01617171$$DView record in HAL$$Hfree_for_read</backlink></links><search><creatorcontrib>Xie, Gaogang</creatorcontrib><creatorcontrib>Su, Jingxiu</creatorcontrib><creatorcontrib>Wang, Xin</creatorcontrib><creatorcontrib>He, Taihua</creatorcontrib><creatorcontrib>Zhang, Guangxing</creatorcontrib><creatorcontrib>Uhlig, Steve</creatorcontrib><creatorcontrib>Salamatian, Kave</creatorcontrib><title>Index–Trie: Efficient archival and retrieval of network traffic</title><title>Computer networks (Amsterdam, Netherlands : 1999)</title><description>Historical network traffic traces, both at the flow and packet level, play a significant role in many research and engineering areas, such as network security, traffic engineering and accounting. To retrieve the specific entries at a higher speed from large traces, each packet or flow should be indexed using multiple query fields during archiving. This brings challenges both in terms of archiving speed and storage consumption. We propose a network traffic indexing and querying method based on Index–Trie, to achieve fast archiving, low storage space of the indexes, and fast retrieval. We implemented a system for online trace archival and retrieval. Our experiments, performed both offline and online on backbone, campus and datacenter network traffic, demonstrate that our method outperforms the popular FastBit method. For packet traces, the Index–Trie based method can obtain an improvement up to 72% for the archiving rate, 56% lower storage consumption, and 14 times faster retrieving time. For flow traces, compared to FastBit, our system is up to 15 times faster in term of the archiving rate, 42% less storage, and 100 times faster retrieving speed. Furthermore, we extend the application of Index-Tries to log file indexing and retrieving.</description><subject>Archive</subject><subject>Archiving</subject><subject>Communications traffic</subject><subject>Computer centers</subject><subject>Computer Science</subject><subject>Flow</subject><subject>Indexing</subject><subject>Information retrieval</subject><subject>Network security</subject><subject>Networking and Internet Architecture</subject><subject>On-line systems</subject><subject>Packet</subject><subject>Retrieval</subject><subject>Retrieve</subject><subject>Traffic control</subject><subject>Traffic engineering</subject><subject>Traffic speed</subject><issn>1389-1286</issn><issn>1872-7069</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2017</creationdate><recordtype>article</recordtype><recordid>eNp9kL1OwzAURiMEEqXwBgyRmBgSru3EdhiQqqpQpEosZbYc51p1aZPipAU23oE35ElwFMSIPPjv3O_aJ4ouCaQECL9Zp6bZ1tilFIhIgadA4CgaESloIoAXx2HNZJEQKvlpdNa2awDIMipH0eSxrvD9-_Nr6R3exjNrnXFYd7H2ZuUOehPruoo9duG63zU2Do3eGv8Sd1739Hl0YvWmxYvfeRw938-W03myeHp4nE4WiWFcdolEmdNKUmoEsyUURko0ubU6N7akyBiIskJpaClKFJZIQ7SxOsuBMy6kZePoeshd6Y3aebfV_kM12qn5ZKH6s2CCiDAOJLBXA7vzzese206tm72vw_MUKXLIKOOsCFQ2UMY3bevR_sUSUL1YtVaDWNWLVcBDDwhld0MZht8eHHrV9soMVs6j6VTVuP8DfgD10YN_</recordid><startdate>20170904</startdate><enddate>20170904</enddate><creator>Xie, Gaogang</creator><creator>Su, Jingxiu</creator><creator>Wang, Xin</creator><creator>He, Taihua</creator><creator>Zhang, Guangxing</creator><creator>Uhlig, Steve</creator><creator>Salamatian, Kave</creator><general>Elsevier B.V</general><general>Elsevier Sequoia S.A</general><general>Elsevier</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>E3H</scope><scope>F2A</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>1XC</scope><orcidid>https://orcid.org/0000-0001-5557-9134</orcidid><orcidid>https://orcid.org/0000-0002-3891-2684</orcidid></search><sort><creationdate>20170904</creationdate><title>Index–Trie: Efficient archival and retrieval of network traffic</title><author>Xie, Gaogang ; Su, Jingxiu ; Wang, Xin ; He, Taihua ; Zhang, Guangxing ; Uhlig, Steve ; Salamatian, Kave</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c368t-8e852d822c73fb09c88ec5ffa5cfb2e3307bde8c2b7be7f18c1acfa45063678f3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Archive</topic><topic>Archiving</topic><topic>Communications traffic</topic><topic>Computer centers</topic><topic>Computer Science</topic><topic>Flow</topic><topic>Indexing</topic><topic>Information retrieval</topic><topic>Network security</topic><topic>Networking and Internet Architecture</topic><topic>On-line systems</topic><topic>Packet</topic><topic>Retrieval</topic><topic>Retrieve</topic><topic>Traffic control</topic><topic>Traffic engineering</topic><topic>Traffic speed</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Xie, Gaogang</creatorcontrib><creatorcontrib>Su, Jingxiu</creatorcontrib><creatorcontrib>Wang, Xin</creatorcontrib><creatorcontrib>He, Taihua</creatorcontrib><creatorcontrib>Zhang, Guangxing</creatorcontrib><creatorcontrib>Uhlig, Steve</creatorcontrib><creatorcontrib>Salamatian, Kave</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Library &amp; Information Sciences Abstracts (LISA)</collection><collection>Library &amp; Information Science Abstracts (LISA)</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Hyper Article en Ligne (HAL)</collection><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Xie, Gaogang</au><au>Su, Jingxiu</au><au>Wang, Xin</au><au>He, Taihua</au><au>Zhang, Guangxing</au><au>Uhlig, Steve</au><au>Salamatian, Kave</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Index–Trie: Efficient archival and retrieval of network traffic</atitle><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle><date>2017-09-04</date><risdate>2017</risdate><volume>124</volume><spage>140</spage><epage>156</epage><pages>140-156</pages><issn>1389-1286</issn><eissn>1872-7069</eissn><abstract>Historical network traffic traces, both at the flow and packet level, play a significant role in many research and engineering areas, such as network security, traffic engineering and accounting. To retrieve the specific entries at a higher speed from large traces, each packet or flow should be indexed using multiple query fields during archiving. This brings challenges both in terms of archiving speed and storage consumption. We propose a network traffic indexing and querying method based on Index–Trie, to achieve fast archiving, low storage space of the indexes, and fast retrieval. We implemented a system for online trace archival and retrieval. Our experiments, performed both offline and online on backbone, campus and datacenter network traffic, demonstrate that our method outperforms the popular FastBit method. For packet traces, the Index–Trie based method can obtain an improvement up to 72% for the archiving rate, 56% lower storage consumption, and 14 times faster retrieving time. For flow traces, compared to FastBit, our system is up to 15 times faster in term of the archiving rate, 42% less storage, and 100 times faster retrieving speed. Furthermore, we extend the application of Index-Tries to log file indexing and retrieving.</abstract><cop>Amsterdam</cop><pub>Elsevier B.V</pub><doi>10.1016/j.comnet.2017.06.010</doi><tpages>17</tpages><orcidid>https://orcid.org/0000-0001-5557-9134</orcidid><orcidid>https://orcid.org/0000-0002-3891-2684</orcidid></addata></record>
fulltext fulltext
identifier ISSN: 1389-1286
ispartof Computer networks (Amsterdam, Netherlands : 1999), 2017-09, Vol.124, p.140-156
issn 1389-1286
1872-7069
language eng
recordid cdi_hal_primary_oai_HAL_hal_01617171v1
source ScienceDirect Journals (5 years ago - present)
subjects Archive
Archiving
Communications traffic
Computer centers
Computer Science
Flow
Indexing
Information retrieval
Network security
Networking and Internet Architecture
On-line systems
Packet
Retrieval
Retrieve
Traffic control
Traffic engineering
Traffic speed
title Index–Trie: Efficient archival and retrieval of network traffic
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T03%3A42%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Index%E2%80%93Trie:%20Efficient%20archival%20and%20retrieval%20of%20network%20traffic&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Xie,%20Gaogang&rft.date=2017-09-04&rft.volume=124&rft.spage=140&rft.epage=156&rft.pages=140-156&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2017.06.010&rft_dat=%3Cproquest_hal_p%3E1950423639%3C/proquest_hal_p%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1950423639&rft_id=info:pmid/&rft_els_id=S1389128617302542&rfr_iscdi=true