Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Ethane: taking control of the enterprise
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
NOX: towards an operating system for networks
ACM SIGCOMM Computer Communication Review
A policy-aware switching layer for data centers
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
OFRewind: enabling record and replay troubleshooting for networks
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
FlowSense: monitoring network utilization with zero measurement cost
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
| Hi-index | 0.00 |
Administrators of today's networks are highly interested in monitoring traffic for purposes of collecting statistics, detecting intrusions, and providing forensic evidence. Unfortunately, network size and complexity can make this a daunting task. Aside from the problems in analyzing network traffic for this information--an extremely difficult task itself--a more fundamental problem exists: how to route the traffic for network analysis in a robust, high performance manner that does not impact normal network traffic. Current solutions fail to address these problems in a manner that allows high performance and easy management. In this paper, we propose OpenSAFE, a system for enabling the arbitrary direction of traffic for security monitoring applications at line rates. Additionally, we describe ALARMS, a flow specification language that greatly simplifies management of network monitoring appliances. Finally, we describe a proof-of-concept implementation that we are currently undertaking to monitor traffic across our network.