Network awareness is highly critical for network and security administrators. It enables informed planning and management of network resources, as well as the detection and comprehensive understanding of malicious activity. It requires a set of tools to efficiently collect, process, and represent network data. While many such tools already exist, there is no flexible and practical solution for visualizing network activity at various granularities and quickly gaining insight into the status of network assets. To address this issue, we developed Nfsight, a NetFlow processing and visualization application designed to offer a comprehensive network awareness solution. Nfsight constructs bidirectional flows out of unidirectional NetFlow flows and leverages these bidirectional flows to provide client/server identification and intrusion detection capabilities. In this paper we present the internal architecture of Nfsight and the evaluation of its service identification and intrusion detection algorithms. We illustrate the contributions of Nfsight through several case studies conducted by security administrators on a large university network.
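The two steps named in the abstract, pairing unidirectional NetFlow records into bidirectional flows and using those to identify servers, as an added illustration that is not Nfsight's own code; the pairing window, the "earlier record is the client side" rule and the distinct-peer threshold are assumed heuristics, and the flow records are constructed sample data.

```python
from collections import defaultdict

# Constructed unidirectional NetFlow-style records (sample data, not a real capture):
# (start_time, src_ip, src_port, dst_ip, dst_port, proto)
FLOWS = [
    (100.0, "10.0.0.5", 51012, "192.0.2.10", 80, 6),
    (100.1, "192.0.2.10", 80, "10.0.0.5", 51012, 6),
    (101.0, "10.0.0.7", 41800, "192.0.2.10", 80, 6),
    (101.2, "192.0.2.10", 80, "10.0.0.7", 41800, 6),
    (102.0, "10.0.0.8", 41801, "192.0.2.10", 80, 6),
    (102.3, "192.0.2.10", 80, "10.0.0.8", 41801, 6),
    (105.0, "10.0.0.9", 60000, "192.0.2.10", 22, 6),  # never answered
]

def build_biflows(flows, window=5.0):
    """Pair each record with the mirror-image record (swapped endpoints, same
    protocol) that starts within `window` seconds.  The earlier-starting record
    is taken as the client->server direction (assumed heuristic, not Nfsight's
    published rule).  Returns (client, server, answered) tuples."""
    pending = defaultdict(list)   # own 5-tuple -> records still waiting for a reply
    biflows, unanswered = [], []
    for rec in sorted(flows):     # process in start-time order
        ts, sip, sp, dip, dp, proto = rec
        candidates = pending.get((dip, dp, sip, sp, proto), [])
        while candidates and ts - candidates[0][0] > window:
            unanswered.append(candidates.pop(0))   # too old to be the reply
        if candidates:
            first = candidates.pop(0)
            biflows.append(((first[1], first[2]), (first[3], first[4]), True))
        else:
            pending[(sip, sp, dip, dp, proto)].append(rec)
    for recs in pending.values():
        unanswered.extend(recs)
    for ts, sip, sp, dip, dp, proto in unanswered:   # one-sided flows
        biflows.append(((sip, sp), (dip, dp), False))
    return biflows

def identify_servers(biflows, min_peers=2):
    """Label an (ip, port) endpoint a server once it has answered at least
    `min_peers` distinct client addresses.  Unanswered flows are ignored so a
    scanned but closed port is not mislabelled (assumed heuristic)."""
    peers = defaultdict(set)
    for client, server, answered in biflows:
        if answered:
            peers[server].add(client[0])
    return {ep: len(p) for ep, p in peers.items() if len(p) >= min_peers}

if __name__ == "__main__":
    bf = build_biflows(FLOWS)
    print(len(bf), "bidirectional flows;", identify_servers(bf))
```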