A NetFlow based flow analysis and monitoring system in enterprise networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Survey of the High-Speed Self-learning Intrusion Detection Research Area
AIMS '07 Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management
FLAME: a flow-level anomaly modeling engine
CSET'08 Proceedings of the conference on Cyber security experimentation and test
Processing of flow accounting data in Java: framework design and performance evaluation
EUNICE'10 Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Review: A survey of network flow applications
Journal of Network and Computer Applications
| Hi-index | 0.00 |
We developed an open source Internet backbone monitoring and traffic analysis framework named UPFrame. It captures UDP NetFlow packets, buffers it in shared memory and feeds it to customised plug-ins. UPFrame is highly tolerant to misbehaving plug-ins and provides a watchdog mechanism for restarting crashed plug-ins. This makes UPFrame an ideal platform for experiments. It also features a traffic shaper for smoothing incoming traffic bursts. Using this framework, we have investigated IDS-like anomaly detection possibilities for high-speed Internet backbone networks. We have implemented several plug-ins for host behaviour classification, traffic activity pattern recognition, and traffic monitoring. We successfully detected the recent Blaster, Nachi and Witty worm outbreaks in a medium-sized Swiss Internet backbone (AS559) using border router Net- Flow data captured in the DDoSVax project. The framework is efficient and robust and can complement traditional intrusion detection systems.