NVisionIP: netflow visualizations of system state for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
PlanetFlow: maintaining accountability for network services
ACM SIGOPS Operating Systems Review
On web browsing privacy in anonymized NetFlows
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Design of an IP Flow Record Query Language
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
Behavioural Characterization for Network Anomaly Detection
Transactions on Computational Science IV
Design of a Stream-Based IP Flow Record Query Language
DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT
Implementation of a stream-based IP flow record query language
AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Network scan detection with LQS: a lightweight, quick and stateful algorithm
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Collection and exploration of large data monitoring sets using bitmap databases
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
Finding peer-to-peer file-sharing using coarse network behaviors
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Massive scale cyber traffic analysis: a driver for graph database research
First International Workshop on Graph Data Management Experiences and Systems
Scalable hybrid stream and hadoop network analysis system
Proceedings of the 5th ACM/SPEC international conference on Performance engineering
| Hi-index | 0.00 |
Argonne National Laboratory operates a complex internal network with a large number of external network peerings. A requirement of this network is that it be monitored with minimal impact on traffic. Cisco NetFlow technology provides the information necessary to monitor such a network, but the data from NetFlow must be captured and analyzed. We present a system that uses a high-powered relational database to manage the data. Our primary motivations in building this system were to learn whether or not database technology was an appropriate tool for this situation and to understand what types of questions about the network could be answered with such a system.This work was supported by the Mathematical, Information, and Computational Sciences Division subprogram of the Office of Advanced Scientific Computing Research, U.S. Department of Energy, under Contract W-31-109-Eng-38.