– measuring the Internet.

Network Architectures and Services

Network Measurement Activites at TUM

An important prerequisite for many network operation tasks today is the availability of traffic measurement functions that provide information about the current traffic characteristics with low latency. The resulting measurement data can then be analyzed and interpreted in order to classify the traffic into application classes, to detect malicious activities (e.g., worm outbreaks or botnet traffic), or to detect network malfunctions. Furthermore, communication patterns observed in a network allow inferring dependencies between different service, which is useful to identify the most critical components and end systems in a network. Our research work focuses on the development and evaluation of novel passive traffic measurement functions, in particular for real-time packet-level and flow-level measurements, as well as the analysis of packet and flow data for traffic classification and the detection of attacks and anomalies. Furthermore, we contribute to standardization bodies, especially to the IETF.