att_abstract={{Network traces are essential for a wide range of network applications,
including traffic analysis, network measurement, performance monitoring, and
security analysis. Existing capture tools do not have sufficient built-in intelligence
to understand these application requirements. Consequently, they are forced to
collect all packet traces that might be useful at the finest granularity to meet a
certain level of accuracy requirement. It is up to the network applications to process
the per-flow traffic statistics and extract meaningful information. But for a
number of applications, it is much more efficient to record packet sequences for
flows that match some application-specific signatures, specified using for example
regular expressions. A basic approach is to begin memory-copy (recording)
when the first character of a regular expression is matched. However, often times,
a matching eventually fails, thus consuming unnecessary memory resources during
the interim. In this paper, we present a programmable application-aware triggered
trace collection system called Network DVR that performs precisely the
function of packet content recording based on user-specified trigger signatures.
This in turn significantly reduces the number of memory copies that the system
has to consume for valid trace collection, which has been shown previously as
a key indicator of system performance [8]. We evaluated our Network DVR implementation
on a practical application using 10 real datasets that were gathered
from a large enterprise Internet gateway. In comparison to the basic approach in
which the memory-copy starts immediately upon the first character match without
triggered-recording, Network DVR was able to reduce the amount of memorycopies
by a factor of over 500x on average across the 10 datasets and over 800x
in the best case.}},
	att_authors={ag1971, ss2864, os1872},
	att_copyright_notice={{The definitive version was published in PAM/2010 (Springer, LNCS). {{, 2010-04-09}}}},
	author={Chia-Wei Chang and Alexandre Gerber and Bill Lin, University of California and Subhabrata Sen and Oliver Spatscheck},
	institution={{in Proc. Passive and Active Measurement Conference (PAM)}},
	title={{Network DVR: A Programmable Framework for  Application-Aware Trace Collection}},