Min-max heaps and generalized priority queues
Communications of the ACM
A new data structure for cumulative frequency tables
Software—Practice & Experience
Multidimensional binary search trees used for associative searching
Communications of the ACM
Data Cube: A Relational Aggregation Operator Generalizing Group-By, Cross-Tab, and Sub-Totals
Data Mining and Knowledge Discovery
Aguri: An Aggregation-Based Traffic Profiler
COST 263 Proceedings of the Second International Workshop on Quality of Future Internet Services
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Home-centric visualization of network traffic for security administration
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A survey on tree edit distance and related problems
Theoretical Computer Science
Visualizing NetFlows for security at line speed: the SIFT tool suite
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Context-aware clustering of DNS query traffic
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
ENAVis: enterprise network activities visualization
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Portscan Detection with Sampled NetFlow
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Entropy based adaptive flow aggregation
IEEE/ACM Transactions on Networking (TON)
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
NetStore: an efficient storage infrastructure for network forensics and monitoring
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Log analysis and event correlation using variable temporal event correlator (VTEC)
LISA'10 Proceedings of the 24th international conference on Large installation system administration
BotTrack: tracking botnets using NetFlow and PageRank
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Detecting malware domains at the upper DNS hierarchy
SEC'11 Proceedings of the 20th USENIX conference on Security
Report of the Third Workshop on the Usage of NetFlow/IPFIX in Network Management
Journal of Network and Systems Management
Community-based analysis of netflow for early detection of security incidents
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
BotCloud: Detecting botnets using MapReduce
WIFS '11 Proceedings of the 2011 IEEE International Workshop on Information Forensics and Security
| Hi-index | 0.00 |
Today, network monitoring becomes necessary on many levels: Internet Service Providers, large companies as well as smaller entities. Since network monitoring supports many applications in various fields (security, service provisioning, etc), it may consider multiple sources of information such as network traffic, user activity, network events and logs, etc. All these ones produce voluminous amount of data which need to be stored, visualized and analyzed for administration purposes. Various techniques to cope with scalability have been proposed as for example sampling or aggregation. In this paper, we introduce an aggregation technique which is able to handle multiple kinds of dimension, i.e. features, like traffic capture or host locations, without giving any preference a priori to a particular feature for ordering the aggregation process among dimensions. Furthermore, feature space granularity is determined on the fly depending on the desired events to monitor. We propose optimizations to keep the computational overhead low. In particular, the technique is applied to network related data involving multiple dimensions: source and destination IP addresses, services, geographical location of hosts, DNS names, etc. Thus, our approach is validated through multiple scenarios using different dimensions, measuring the impact of the aggregation process and the optimizations as well as by highlighting the ability to figure out important facts or changes in the network.