Detecting and unraveling incipient coordinated attacks on Internet resources requires a distributed network monitoring infrastructure. Such an infrastructure will have two logically distinct elements: distributed monitors that continuously collect packet and flow-level information, and a distributed query system that allows network operators to efficiently and rapidly access this information. We argue that, in addition to supporting other types of queries, the network monitoring query system must support multi-dimensional range queries on traffic records (flows, or aggregated flow records). We discuss the design of MIND, a distributed indexing system which supports the creation of multiple distributed indices that use proximal hashing to scalably respond to range queries.