Tracking per-flow state — Binned Duration Flow Tracking

Recent advances in network monitoring have increasingly focused on obtaining per-flow information, such as flow state. Tracking the state of network flows opens up a new dimension of information gathering for network operators, allowing previously unattainable data to be captured. This paper presents a time efficient novel method - Binned Duration Flow Tracking (BDFT) - of tracking per-flow state by grouping valid flows into "bins". BDFT is intended for high-speed routers where CPU time is crucial. BDFT is time efficient by adopting Bloom filters as the primary data structures. Simulation results show that BDFT can achieve over 99% accuracy on traces of real network traffic.