More Netflow Tools for Performance and Security
Authors
Abstract
Analysis of network traffic is becoming increasingly important, not just for determining network characteristics and anticipating requirements, but also for security analysis. Several tool sets have been developed to perform analysis of flow-level network traffic; however, none has had security as the primary goal of the analysis, nor has performance been a key consideration. In this paper we present a suite of tools for network traffic collection and analysis based on Cisco NetFlow. The two primary design considerations were performance and the ability to build richer models of traffic for security analysis. Thus the data structures and code have been optimized for use on very large networks with a large number of flows. Data filter rates are approximately 80 million records in less than 1.5 minutes on a Sun 4800.
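The abstract describes collecting Cisco NetFlow exports and filtering very large numbers of flow records to build traffic models for security analysis. The following is an added illustration, not code from the paper or its tool suite: it decodes the publicly documented NetFlow v5 datagram layout (24-byte header, up to 30 records of 48 bytes), validates the header before trusting the record count, and runs two typical security filters over the decoded flows, a SYN-only port-sweep detector and a top-talker summary. The sample packet, the hosts in it, the `min_ports` threshold and the helper names are constructed for the example and are assumptions, not values from the paper.

```python
"""Added example: NetFlow v5 decoding and flow-level security filtering.

Not the paper's code. The wire layout is the standard NetFlow v5 format;
the sample traffic, thresholds and function names are constructed here.
"""
import struct
from collections import defaultdict, namedtuple
from ipaddress import IPv4Address

# NetFlow v5 wire format, network byte order: one 24-byte header followed by
# up to 30 fixed-size 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30

Flow = namedtuple("Flow", "src dst proto sport dport packets octets tcp_flags first last")
TCP, UDP = 6, 17
SYN, ACK = 0x02, 0x10


def parse_v5_packet(data: bytes):
    """Decode one NetFlow v5 export datagram into Flow tuples.

    The version, record count and datagram length are cross-checked before any
    record is read: a collector on an untrusted UDP port must not let the count
    field drive how far it indexes into the buffer.
    """
    if len(data) < V5_HEADER.size:
        raise ValueError("short NetFlow header")
    version, count, _uptime, _secs, _nsecs, _seq, _etype, _eid, _sampling = V5_HEADER.unpack_from(data)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > MAX_RECORDS or len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows, off = [], V5_HEADER.size
    for _ in range(count):
        (src, dst, _nexthop, _inp, _out, pkts, octets, first, last, sport, dport,
         _pad1, flags, proto, _tos, _sas, _das, _smask, _dmask, _pad2) = V5_RECORD.unpack_from(data, off)
        flows.append(Flow(str(IPv4Address(src)), str(IPv4Address(dst)), proto, sport, dport,
                          pkts, octets, flags, first, last))
        off += V5_RECORD.size
    return flows


def build_v5_packet(records, seq=0):
    """Encode (src, dst, proto, sport, dport, pkts, octets, tcp_flags) tuples as a v5
    datagram. Used only to construct sample input; a real collector receives these over UDP."""
    body = b"".join(
        V5_RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, b"\0\0\0\0", 1, 2,
                       pk, oc, 1000, 1010, sp, dp, 0, fl, pr, 0, 0, 0, 24, 24, 0)
        for s, d, pr, sp, dp, pk, oc, fl in records)
    header = V5_HEADER.pack(5, len(records), 123456, 1_090_000_000, 0, seq, 0, 0, 0)
    return header + body


def filter_flows(flows, predicate):
    """Generic record filter, the building block the abstract's throughput figure refers to."""
    return [f for f in flows if predicate(f)]


def detect_port_scans(flows, min_ports=5):
    """Report (src, dst) pairs where src opened SYN-only TCP flows of at most two
    packets to at least min_ports distinct destination ports: a probable port sweep."""
    ports = defaultdict(set)
    for f in flows:
        syn_only = bool(f.tcp_flags & SYN) and not (f.tcp_flags & ACK)
        if f.proto == TCP and syn_only and f.packets <= 2:
            ports[(f.src, f.dst)].add(f.dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def top_talkers(flows, n=3):
    """Sources ranked by total octets sent, a basic traffic-model summary."""
    octets = defaultdict(int)
    for f in flows:
        octets[f.src] += f.octets
    return sorted(octets.items(), key=lambda kv: kv[1], reverse=True)[:n]


# Constructed sample (assumption, not real data): 10.0.0.5 sweeps seven ports on
# 192.0.2.10 with single-packet SYNs, alongside ordinary established traffic.
SAMPLE_RECORDS = [("10.0.0.5", "192.0.2.10", TCP, 40000 + i, p, 1, 60, SYN)
                  for i, p in enumerate((21, 22, 23, 25, 80, 443, 8080))]
SAMPLE_RECORDS += [
    ("10.0.0.9", "192.0.2.10", TCP, 51000, 443, 20, 15000, SYN | ACK),
    ("10.0.0.9", "192.0.2.11", UDP, 51001, 53, 2, 200, 0),
    ("10.0.0.7", "192.0.2.10", TCP, 52000, 80, 40, 64000, SYN | ACK),
]
SAMPLE_PACKET = build_v5_packet(SAMPLE_RECORDS)

if __name__ == "__main__":
    flows = parse_v5_packet(SAMPLE_PACKET)
    print(f"{len(flows)} flows decoded")
    print("probable port sweeps:", detect_port_scans(flows))
    print("top talkers:", top_talkers(flows))
    print("flows to tcp/22:", filter_flows(flows, lambda f: f.proto == TCP and f.dport == 22))
```

The length check in `parse_v5_packet` is the part worth copying: v5 records are fixed-size, so a datagram whose length disagrees with its `count` field is either truncated or malformed, and rejecting it is cheaper and safer than indexing past the buffer. Scaling the filters to the record volumes the abstract mentions would mean replacing the per-record Python loop with a compiled or vectorised path, but the predicate structure stays the same.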
Similar sources
CANINE: A Combined Conversion and Anonymization Tool for Processing NetFlows for Security
Those creating NetFlow tools struggle with two problems: (1) NetFlows come in many different, incompatible formats, and (2) the sensitivity of NetFlow logs can hinder the sharing of these logs and thus make it difficult for developers—particularly student research assistants—to get real data to use. Our solution is a new tool we created that converts and anonymizes NetFlow logs. In this paper w...
Internet Security Visualization Case Study: Instrumenting a Network for NetFlow Security Visualization Tools
With the development of the Internet and organizational intranets, it has become an increasingly critical and difficult task to monitor large and complex networks indispensable to security risk management and network performance analysis. Monitoring for security situational awareness with visualization has been shown to be an effective and efficient approach. However, the quality of source data...
Community-based Analysis of Netflow for Early Detection of Security Incidents
Detection and remediation of security incidents (e.g., attacks, compromised machines, policy violations) is an increasingly important task of system administrators. While numerous tools and techniques are available (e.g., Snort, nmap, netflow), novel attacks and low-grade events may still be hard to detect in a timely manner. In this paper, we present a novel approach for detecting stealthy, lo...
The OSU Flow-tools Package and CISCO NetFlow Logs
Many Cisco routers and switches support NetFlow services which provides a detailed source of data about network traffic. The Office of Information Technology Enterprise Networking Services group (OIT/ENS) at The Ohio State University (OSU) has written a suite of tools called flow-tools to record, filter, print and analyze flow logs derived from exports of NetFlow accounting records. We use the ...
DNFStore: A Distributed Netflow Storage System Supports Fast Retrieval
Network anomaly detection or network optimization based on Netflow plays an important role in current high-speed network management. Storage and analysis of high-speed continuous Netflow are hot and difficult issues in network security research and industry communities. Existing solutions, although useful in above areas, have several drawbacks in well handling Netflow records generated by large...
Journal title:
Volume / Issue:
Pages: -
Publication date: 2004