Date Added: Dec 2011
In the management of Internet Protocol networks, the number of flows is an important performance metric because it has useful applications in areas such as port scan detection, denial-of-service detection, and traffic analysis. Real-time counting of flows is particularly important because it lets network operators take immediate action against detected network anomalies or performance degradation. This paper presents a method that enables real-time counting of flows classified by application. Counting classified flows yields more useful information for network management. For example, the proposed method helps determine the type of attack or the victim service during attack detection.