KOPS - The Institutional Repository of the University of Konstanz

Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks

Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks

Cite This

Files in this item

Checksum: MD5:b5595b30cfcdf8ab2865c218a9ebe182

MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephan PIETZKO, Marcel WALDVOGEL, 2009. Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks. In: MÜLLER, Paul, ed.. 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München. Bonn:Gesellschaft für Informatik, pp. 115-124. ISBN 978-3-88579-243-7

@incollection{Mansmann2009Inter-5752, title={Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks}, year={2009}, number={149}, isbn={978-3-88579-243-7}, address={Bonn}, publisher={Gesellschaft für Informatik}, series={GI-Edition - Lecture Notes in Informatics}, booktitle={2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München}, pages={115--124}, editor={Müller, Paul}, author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and Pietzko, Stephan and Waldvogel, Marcel} }

<rdf:RDF xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:bibo="http://purl.org/ontology/bibo/" xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:void="http://rdfs.org/ns/void#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > <rdf:Description rdf:about="https://kops.uni-konstanz.de/rdf/resource/123456789/5752"> <dcterms:bibliographicCitation>First publ. in: 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München / Müller, Paul (Hrsg.). - Bonn: Gesellschaft für Informatik, 2009. - (GI-Edition - Lecture Notes in Informatics ; 149). - pp. 115-124. - ISBN 978-3-88579-243-7</dcterms:bibliographicCitation> <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/> <dc:contributor>Mansmann, Florian</dc:contributor> <dcterms:issued>2009</dcterms:issued> <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dc:date> <dc:contributor>Pietzko, Stephan</dc:contributor> <dcterms:title>Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks</dcterms:title> <dc:language>eng</dc:language> <dcterms:rights rdf:resource="https://kops.uni-konstanz.de/page/termsofuse"/> <dc:contributor>Keim, Daniel A.</dc:contributor> <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/5752"/> <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/rdf/resource/123456789/36"/> <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dcterms:available> <dc:contributor>Waldvogel, Marcel</dc:contributor> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dc:creator>Fischer, Fabian</dc:creator> <dc:format>application/pdf</dc:format> <foaf:homepage rdf:resource="http://localhost:8080/jspui"/> <dc:creator>Waldvogel, Marcel</dc:creator> <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/rdf/resource/123456789/36"/> <dc:rights>terms-of-use</dc:rights> <dc:contributor>Fischer, Fabian</dc:contributor> <dc:creator>Pietzko, Stephan</dc:creator> <dc:creator>Mansmann, Florian</dc:creator> <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/> <dc:creator>Keim, Daniel A.</dc:creator> <dcterms:abstract xml:lang="eng">While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using lDS a1erts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.</dcterms:abstract> </rdf:Description> </rdf:RDF>

Downloads since Oct 1, 2014 (Information about access statistics)

Mansmann_2009_InteractiveAnalysis.pdf 280

This item appears in the following Collection(s)

Search KOPS


Browse

My Account