Bidirectional Flow Measurement, IPFIX, and Security Analysis
Authors
Abstract
This paper describes the addition of bidirectional flow export to the IPFIX protocol, and the impact of this effort on security-related flow analysis. Along the way, it examines the application of bidirectional flow measurement to common security analysis tasks and the positive impact the adoption of IPFIX as a common interchange format could, and will, have on the community using flow measurement for security purposes.
Similar resources
Bidirectional Flow Export Using IP Flow Information Export (IPFIX)
This document describes an efficient method for exporting bidirectional flow (Biflow) information using the IP Flow Information Export (IPFIX) protocol, representing each Biflow using a single Flow Record. Trammell & Boschi Standards Track [Page 1] RFC 5103 IPFIX Biflow Export January 2008 Table of
Experiences with IPFIX-based Traffic Measurement for IPv6 Networks
Though the popular Cisco NetFlow is widely used for flow-level traffic measurement in IPv4 networks, it is not suitable for IPv6 networks because of the fixed flow structure that cannot carry IPv6-related information. Therefore, the IETF IP Flow Information eXport (IPFIX) standard that employs the flexible flow template structure has been recently proposed to support various flow-level traffic ...
NAF: The NetSA Aggregated Flow Tool Suite
In this paper we present a new suite of tools – NAF (for NetSA Aggregated Flow) – that accepts network flow data in multiple different formats and flexibly processes it into time-series aggregates represented in an IPFIX-based data format. NAF also supports both unidirectional and bidirectional flow data by matching uniflows into biflows where sufficient information is available. These tools ar...
Definitions of Managed Objects for IP Flow Information Export
This document defines managed objects for IP Flow Information eXport (IPFIX). These objects provide information for monitoring IPFIX Exporters and IPFIX Collectors including the basic configuration information.
IPFIX/PSAMP: What Future Standards Can Offer to Network Security
Network security often requires the surveillance of the actual traffic in the network. Methods like signature-based attack detection or the detection of traffic anomalies require input from network measurements. The IETF currently standardizes the IP Flow Information Export (IPFIX) protocol for exporting flow information from routers and probes. The packet sampling (PSAMP) group extends the inf...