icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

Flow Indexing: Making Queries Go Faster

Presentation
By
In this presentation, John McHugh explains that using the SiLK framework to index flow is effective and inexpensive, and reduces query time significantly.
Publisher

Software Engineering Institute

Topic or Tag

Abstract

Conclusions

  • Indexing of flow is effective and inexpensive.
  • For a large class of queries, it can significantly reduce query time by eliminating files from consideration.
  • Everything can be done within the SiLK framework, but:
    • Some data reorganization and improvements in the tools (more efficient data structures, tool approaches, multi-key sets) could improve things.
    • Routine indexing of {sip, dip}, ports, protocols, size, rate, frequency, etc., distributions with graphical presentation would be a big plus.
SHARE
Download PDF
Part of a Collection

Flocon 2012 Collection
Ask a question about this Presentation

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.