I am a researcher working on developing a new switch-based on-the-fly telemetry system that takes a flow chart as input to describe a particular detection task (rather than just features or information elements as in IPFIX). For an example of what I mean by "flow chart" see the figure here: https://ieeexplore.ieee.org/mediastore_new/IEEE/content/media/8048782/804885.... Might anyone have pointers to a source of more such flow charts? The other issue I'm worried about is that it might take a couple rounds before an event is detected (since the system has to step through the flow chart and possibly look at different traffic features in the process). What is a typical duration of the types of events people might want to catch with a telemetry system like this? Do these kind of events generate the same type of traffic throughout their durations, or do traffic features change as the event progresses? Thanks! Chris
participants (1)
-
Chris Misa