One difficulty in managing large-scale network traffic flows is that network operators must deal with a very large number of flow records. In this paper, we introduce a newly defined TCP flags information analysis method, proportion-based analysis, which is a better way to narrow down the analyzable flow records. We compute the percentage of different types of TCP flags among total traffic flows and treat these percentages as multivariate time series over a period of time. Furthermore, we can obtain frequent patterns of different types of TCP flags using a multivariate time series association rule mining method. Experimental results with backbone network (Internet2) data confirmed our method.
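The proportion step described above can be sketched as follows. This is an added example, not code from the paper: the 5-minute bin width, the record layout `(start_seconds, protocol, tcp_flags)`, the choice of TCP flows per bin as the denominator, and the sample flows are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Bit positions of the cumulative tcp_flags byte in a NetFlow-style flow record.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP = 6  # IP protocol number for TCP


def flag_proportions(flows, bin_seconds=300):
    """Return {bin_start: {flag: percent of TCP flows in that bin carrying the flag}}."""
    totals = Counter()            # TCP flows per time bin
    hits = defaultdict(Counter)   # flows per bin in which each flag was seen
    for start, proto, flags in flows:
        if proto != TCP:          # assumption: only TCP flows count toward the total
            continue
        b = start - start % bin_seconds
        totals[b] += 1
        for name, bit in FLAG_BITS.items():
            if flags & bit:
                hits[b][name] += 1
    return {b: {n: 100.0 * hits[b][n] / totals[b] for n in FLAG_BITS}
            for b in sorted(totals)}


def as_series(props):
    """Turn the per-bin table into one time-ordered series per flag (the multivariate series)."""
    return {n: [props[b][n] for b in sorted(props)] for n in FLAG_BITS}


# Constructed sample records: (start_seconds, protocol, cumulative tcp_flags).
SAMPLE_FLOWS = [
    (10, 6, 0x1B), (40, 6, 0x1B), (90, 6, 0x12), (200, 6, 0x02),    # first bin
    (120, 17, 0x00),                                                # UDP, ignored
    (310, 6, 0x02), (350, 6, 0x02), (420, 6, 0x02), (590, 6, 0x14), # second bin
]

if __name__ == "__main__":
    for flag, values in as_series(flag_proportions(SAMPLE_FLOWS)).items():
        print(f"{flag}: {values}")
```

In the constructed data the second bin shows the ACK share falling while the RST share rises; co-movements of that kind across the series are the input an association rule mining step would work on.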