Nfsight: netflow-based network awareness tool

Authors:
Robin Berthier;Michel Cukier;Matti Hiltunen;Dave Kormann;Gregg Vesonder;Dan Sheleheda
Affiliations:
Coordinated Science Laboratory, Information Trust Institute, University of Illinois, Urbana-Champaign, IL;The Institute for Systems Research, Clark School of Engineering, University of Maryland, College Park, MD;AT&T Labs Research, Florham Park, NJ;AT&T Labs Research, Florham Park, NJ;AT&T Labs Research, Florham Park, NJ;AT&T Labs Research, Florham Park, NJ
Venue:
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Year:
2010

Citing 16
Cited 5

NVisionIP: netflow visualizations of system state for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
The OSU Flow-tools Package and CISCO NetFlow Logs

LISA '00 Proceedings of the 14th USENIX conference on System administration
FlowScan: A Network Traffic Flow Reporting and Visualization Tool

LISA '00 Proceedings of the 14th USENIX conference on System administration
More Netflow Tools for Performance and Security

LISA '04 Proceedings of the 18th USENIX conference on System administration
BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Closing-the-Loop in NVisionIP: Integrating Discovery and Search in Security Visualizations

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Experience Using Active and Passive Mapping for Network Situational Awareness

NCA '06 Proceedings of the Fifth IEEE International Symposium on Network Computing and Applications
Identifying and discriminating between web and peer-to-peer traffic in the network core

Proceedings of the 16th international conference on World Wide Web
Towards network awareness

LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Visualizing NetFlows for security at line speed: the SIFT tool suite

LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Understanding passive and active service discovery

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Visual Discovery in Computer Network Defense

IEEE Computer Graphics and Applications
Large-Scale Network Monitoring for Visual Analysis of Attacks

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
FloVis: Flow Visualization System

CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Internet traffic classification demystified: myths, caveats, and the best practices

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Netpy: Advanced Network Traffic Monitoring

INCOS '09 Proceedings of the 2009 International Conference on Intelligent Networking and Collaborative Systems

DarkNOC: dashboard for honeypot management

LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Community-based analysis of netflow for early detection of security incidents

LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
A journey towards rigorous cybersecurity experiments: on the application of criminological theories

Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
A supervised machine learning approach to classify host roles on line using sFlow

Proceedings of the first edition workshop on High performance and programmable networking
Visualizing big network traffic data using frequent pattern mining and hypergraphs

Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network awareness is highly critical for network and security administrators. It enables informed planning and management of network resources, as well as detection and a comprehensive understanding of malicious activity. It requires a set of tools to efficiently collect, process, and represent network data. While many such tools already exist, there is no flexible and practical solution for visualizing network activity at various granularities, and quickly gaining insights about the status of network assets. To address this issue, we developed Nfsight, a Net-Flow processing and visualization application designed to offer a comprehensive network awareness solution. Nfsight constructs bidirectional flows out of the unidirectional NetFlow flows and leverages these bidirectional flows to provide client/server identification and intrusion detection capabilities. We present in this paper the internal architecture of Nfsight, the evaluation of the service, and intrusion detection algorithms. We illustrate the contributions of Nfsight through several case studies conducted by security administrators on a large university network.