I am a researcher working on developing a new switch-based on-the-fly
telemetry system that takes a flow chart as input to describe a
particular detection task (rather than just features or information
elements as in IPFIX). For an example of what I mean by "flow chart" see
the figure here:
https://ieeexplore.ieee.org/mediastore_new/IEEE/content/media/8048782/8048856/8048939/8048939-fig-4-source-hires.gif.
Might anyone have pointers to a source of more such flow charts?
The other issue I'm worried about is that it might take a couple of rounds
before an event is detected (since the system has to step through the
flow chart and possibly look at different traffic features in the
process). What is a typical duration of the types of events people might
want to catch with a telemetry system like this? Do these kinds of events
generate the same type of traffic throughout their durations, or do
traffic features change as the event progresses?
Thanks!
Chris