Principles for developing comprehensive network visibility

Authors:
Mark Allman;Christian Kreibich;Vern Paxson;Robin Sommer;Nicholas Weaver
Affiliations:
International Computer Science Institute;International Computer Science Institute;International Computer Science Institute;International Computer Science Institute;International Computer Science Institute
Venue:
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Year:
2008

Citing 4
Cited 3

Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
The many faces of publish/subscribe

ACM Computing Surveys (CSUR)
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Enriching network security analysis with time travel

Proceedings of the ACM SIGCOMM 2008 conference on Data communication

Outsourcing home network security

Proceedings of the 2010 ACM SIGCOMM workshop on Home networks
CANVuS: context-aware network vulnerability scanning

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
New opportunities for load balancing in network-wide intrusion detection systems

Proceedings of the 8th international conference on Emerging networking experiments and technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

We argue that for both defending against attacks and apprehending the scope of attacks after they are detected, there is great utility in attaining views of network activity that are unified across time and space. By this we mean enabling operators to apply particular analyses to both past and future activity in a coherent fashion, and applied across a wealth of information collected from a variety of monitoring points, including across administratively independent sites. We outline the core design goals necessary for building systems to develop such visibility in an operationally viable way.