A Method of Net Flow Index Retrieval and Compression based on Inverted List

CHEN Zhen, LIU Hong-jian

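  • About author: Research Institute of Information Technology, Tsinghua University, Beijing 100084; Tsinghua National Laboratory for Information Science and Technology, Beijing 100084; School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing 100876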

Abstract: With the pervasive use of computers and the Internet, the amount of Internet traffic is increasing dramatically. Traffic monitoring is essential in network security and traffic forensic analysis. To monitor traffic, we can record flow information such as source IP, destination IP, source port, destination port, protocol field, and timestamp. With this information, one can collect traffic statistics and conduct further analysis, for example of attack patterns. However, the amount of flow information grows very fast, and searching for a specified IP address can be inefficient if the flow information is not completely indexed. The inverted index is the key method of a practical search engine. This paper therefore applies the idea of the inverted index and an index compression algorithm to net flow information retrieval. Analysis and experiment show that the inverted index method is feasible for flow information retrieval and can improve query performance as expected.
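
The approach the abstract describes, as an added example that is not code from the paper: an inverted index mapping flow field values to record ids, with each posting list stored as variable-byte encoded gaps. The compression scheme, the choice of indexed fields, and all names and sample flows are assumptions made for illustration; the abstract does not specify them.

```python
from collections import defaultdict

# Constructed sample flows: (src_ip, dst_ip, src_port, dst_port, protocol, timestamp)
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 51512, 443, "TCP", 1700000000),
    ("10.0.0.7", "192.0.2.10", 40022, 80, "TCP", 1700000003),
    ("10.0.0.5", "198.51.100.4", 51513, 53, "UDP", 1700000004),
    ("10.0.0.9", "10.0.0.5", 33000, 22, "TCP", 1700000009),
    ("10.0.0.5", "192.0.2.10", 51600, 443, "TCP", 1700000012),
]

def vbyte_encode(n):
    out = bytearray()
    while n >= 128:            # emit 7 data bits per byte, low bits first
        out.append(n & 0x7F)
        n >>= 7
    out.append(n | 0x80)       # high bit marks the final byte of the number
    return bytes(out)

def compress_postings(ids):
    out, prev = bytearray(), 0
    for i in ids:              # ids must be sorted ascending
        out += vbyte_encode(i - prev)   # store the gap, not the id itself
        prev = i
    return bytes(out)

def decompress_postings(blob):
    ids, cur, n, shift = [], 0, 0, 0
    for b in blob:
        n |= (b & 0x7F) << shift
        shift += 7
        if b & 0x80:           # final byte: gap is complete
            cur += n
            ids.append(cur)
            n, shift = 0, 0
    return ids

def build_index(flows):
    """Map each (field, value) term to a compressed posting list of record ids."""
    postings = defaultdict(list)
    for rid, (src, dst, _sport, dport, proto, _ts) in enumerate(flows):
        for term in {("ip", src), ("ip", dst), ("port", dport), ("proto", proto)}:
            postings[term].append(rid)
    return {term: compress_postings(ids) for term, ids in postings.items()}

def query(index, *terms):
    """AND query: intersect the posting lists of every requested term."""
    sets = [set(decompress_postings(index.get(t, b""))) for t in terms]
    return sorted(set.intersection(*sets)) if sets else []
```

Looking up an IP address touches only that term's posting list instead of scanning every flow record, and gap encoding keeps the lists small because record ids within one list tend to be close together.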