Nfsight: NetFlow-based network awareness tool

LISA 2010 - 24th Large Installation System Administration Conference

Volumn , Issue , 2010, Pages 119-134

  Berthier, Robin ^a   Cukier, Michel ^b   Hiltunen, Matti ^c   Kormann, Dave ^c   Vesonder, Gregg ^c   Sheleheda, Dan ^c  

^a University of Illinois at Urbana Champaign   (United States)

^b UNIVERSITY OF MARYLAND   (United States)

^c AT AND T LABS RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BI-DIRECTIONAL FLOWS; INTERNAL ARCHITECTURE; INTRUSION DETECTION ALGORITHMS; MALICIOUS ACTIVITIES; NETWORK ACTIVITIES; PRACTICAL SOLUTIONS; SECURITY ADMINISTRATOR; VISUALIZATION APPLICATION;

INTRUSION DETECTION;

EID: 85094639135     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (38)

1. BARTLETT, G., HEIDEMANN, J., AND PAPADOPOULOS, C. Understanding passive and active service discovery. In Proc. 7th ACM Internet Measurement Conference (2007), pp. 55-60.
2. Caida cflowd. http://www.caida.org/tools/measurement/cflowd/, 2010.
3. CIRNECI, A., BOBOC, S., LEORDEANU, C., CRISTEA, V., AND ESTAN, C. Netpy: Advanced Network Traffic Monitoring. In Proc. Int Conf. on Intelligent Networking and Collaborative Systems (INCOS'09) (2009), pp. 253-254.
4. CLAISE, B., QUITTEK, J., BRYANT, S., AITKEN, P., MEYER, J., TRAMMELL, B., BOSCHI, E., WENGER, S., CHANDRA, U., WESTERLUND, M., ET AL. RFC 5101 Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information, 2008.
5. D'AMICO, A., GOODALL, J., TESONE, D., AND KOPYLEC, J. Visual discovery in computer network defense. IEEE Computer Graphics and Applications 27, 5 (2007), 20-27.
6. ERMAN, J., MAHANTI, A., ARLITT, M., AND WILLIAMSON, C. Identifying and discriminating between web and peer-to-peer traffic in the network core. In Proceedings of the 16th international conference on World Wide Web (2007), ACM, p. 892.
7. FISCHER, F., MANSMANN, F., KEIM, D., PIETZKO, S., AND WALDVOGEL, M. Large-scale network monitoring for visual analysis of attacks. In Proc. Workshop on Visualization for Computer Security (VizSEC) (2008), Springer, p. 111.
8. GATES, C., COLLINS, M., DUGGAN, M., KOMPANEK, A., AND THOMAS, M. More NetFlow tools: For performance and security. In Proc. 18th USENIX Large Installation System Administration Conf. (LISA) (2004), pp. 121-132.
9. GLANFIELD, J., BROOKS, S., TAYLOR, T., PATERSON, D., SMITH, C., GATES, C., AND MCHUGH, J. OverFlow: An Overview Visualization for Network Analysis. In Proc. 6th Int. Workshop on Visualization for Cyber Security (VizSec) (2009), pp. 11-19.
10. HAAG, P. Watch your Flows with NfSen and NFDUMP. In 50th RIPE Meeting (2005).
11. HUGHES, E., AND SOMAYAJI, A. Towards network awareness. In Proc. 19th USENIX Large Installation System Administration Conf. (LISA) (2005), pp. 113-124.
12. Iana assigned port numbers. http://www.iana.org/assignments/port-numbers, 2010.
13. KARAGIANNIS, T., PAPAGIANNAKI, K., AND FALOUTSOS, M. BLINC: multilevel traffic classification in the dark. In Proc. ACM SIGCOMM Conference (2005), pp. 229-240.
14. KIM, H., CLAFFY, K., FOMENKOV, M., BARMAN, D., FALOUTSOS, M., AND LEE, K. Internet traffic classification demystified: myths, caveats, and the best practices. In Proceedings of the 2008 ACM CoNEXT conference (2008), ACM, pp. 1-12.
15. LAKKARAJU, K., BEARAVOLU, R., SLAGELL, A., YURCIK, W., AND NORTH, S. Closing-the-loop in NVisionIP: Integrating discovery and search in security visualizations. In Proc. IEEE Workshop on Visualization for Computer Security (VizSEC) (2005).
16. LAKKARAJU, K., YURCIK, W., AND LEE, A. NVisionIP: netflow visualizations of system state for security situational awareness. In Proc. ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC) (2004), pp. 65-72.
17. LEINEN, S. FloMA: Pointers and Software, NetFlow. Tech. rep., SWITCH, 2010.
18. Nfdump. http://nfdump.sourceforge.net, 2010.
19. Nfsen. http://nfsen.sourceforge.net, 2010.
20. Nmap. http://www.nmap.org, 2010.
21. Nprobe: Netflow/ipfix network probe. http://www.ntop.org/nProbe.html, 2010.
22. Ntop: Network traffic probe. http://www.ntop.org, 2010.
23. Pads. http://passive.sourceforge.net, 2010.
24. Pbnj. http://pbnj.sourceforge.net, 2010.
25. PLONKA, D. Flowscan: A Network Traffic Flow Reporting and Visualization Tool. In Proc. 14th USENIX Large Installation System Administration Conf. (LISA) (2000), pp. 305-318.
26. QOSIENT, L. Argus: Network Audit Record Generation and Utilization System.
27. ROMIG, S., FULLMER, M., AND LUMAN, R. The OSU flow-tools package and CISCO NetFlow logs. In Proc. 14th USENIX Large Installation System Administration Conf, (LISA) (2000), pp. 291-304.
28. SO-IN, C. A Survey of Network Traffic Monitoring and Analysis Tools. Cse 576m computer system analysis project, Washington University in St. Louis, 2009.
29. Softflowd: fast software netflow probe. http://www.mindrot.org/projects/softflowd/, 2010.
30. TAYLOR, T., BROOKS, S., AND MCHUGH, J. NetBytes viewer: An entity-based netflow visualization utility for identifying intrusive behavior. pp. 101-114.
31. TAYLOR, T., PATERSON, D., GLANFIELD, J., GATES, C., BROOKS, S., AND MCHUGH, J. FloVis: Flow Visualization System. In Proc. Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH) (2009), pp. 186-198.
32. TRAMMELL, B., AND BOSCHI, E. RFC 5103: Bidirectional Flow Export Using IP Flow Information Export (IPFIX), 2008.
33. TRICAUD, S., AND SAADÉ, P. Applied parallel coordinates for logs and network traffic attack analysis. Journal in computer virology 6, 1 (2010), 1-29.
34. Webmin vulnerability, cve-2006-3392, 2006.
35. WEBSTER, S., LIPPMANN, R., AND ZISSMAN, M. Experience using active and passive mapping for network situational awareness. In Proc. 5th IEEE Int. Symp. on Network Computing and Applications (NCA) (2006), pp. 19-26.
36. Yaf. http://tools.netsa.cert.org/yaf/, 2010.
37. YURCIK, W. Visualizing NetFlows for security at line speed: the SIFT tool suite. In Proc. 19th Large Installation System Administration Conf. (LISA) (2005), USENIX, pp. 169-176.
38. YURCIK, W. VisFlowConnect-IP: a link-based visualization of Netflows for security monitoring. In 18th Annual FIRST Conf. on Computer Security Incident Handling (2006).