Analysis of network traffic is becoming increasingly important, not just for determining network characteristics and anticipating requirements, but also for security analysis. Several tool sets have been developed to analyze flow-level network traffic; however, none has had security as the primary goal of the analysis, nor has performance been a key consideration. In this paper we present a suite of tools for network traffic collection and analysis based on Cisco NetFlow. The two primary design considerations were performance and the ability to build richer models of traffic for security analysis. The data structures and code have therefore been optimized for use on very large networks with a large number of flows. Data filter rates are approximately 80 million records in less than 1.5 minutes on a Sun 4800.