Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks

Date
2009
Project
Secure Networking and Storage
Publication type
Contribution to a collection
Published in
2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München / Müller, Paul (ed.). - Bonn : Gesellschaft für Informatik, 2009. - (GI-Edition - Lecture Notes in Informatics ; 149). - pp. 115-124. - ISBN 978-3-88579-243-7
Abstract
While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using IDS alerts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.
Subject (DDC)
004 Computer Science
Cite This
ISO 690
MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephan PIETZKO, Marcel WALDVOGEL, 2009. Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks. In: MÜLLER, Paul, ed. 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München. Bonn: Gesellschaft für Informatik, pp. 115-124. ISBN 978-3-88579-243-7
BibTex
@incollection{Mansmann2009Inter-5752,
  year={2009},
  title={Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks},
  number={149},
  isbn={978-3-88579-243-7},
  publisher={Gesellschaft für Informatik},
  address={Bonn},
  series={GI-Edition - Lecture Notes in Informatics},
  booktitle={2. DFN-Forum Kommunikationstechnik  :  Verteilte Systeme im Wissenschaftsbereich  ;  27.05.  - 28.05.2009 in München},
  pages={115--124},
  editor={Müller, Paul},
  author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and Pietzko, Stephan and Waldvogel, Marcel}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/5752">
    <dcterms:title>Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks</dcterms:title>
    <dcterms:bibliographicCitation>First publ. in: 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München / Müller, Paul (Hrsg.). - Bonn: Gesellschaft für Informatik, 2009. - (GI-Edition - Lecture Notes in Informatics ; 149). - pp. 115-124. - ISBN 978-3-88579-243-7</dcterms:bibliographicCitation>
    <dc:contributor>Pietzko, Stephan</dc:contributor>
    <dc:language>eng</dc:language>
    <dcterms:abstract xml:lang="eng">While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using IDS alerts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.</dcterms:abstract>
    <dc:creator>Waldvogel, Marcel</dc:creator>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dcterms:available>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/5752"/>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/>
    <dc:format>application/pdf</dc:format>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:issued>2009</dcterms:issued>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dc:contributor>Waldvogel, Marcel</dc:contributor>
    <dc:creator>Pietzko, Stephan</dc:creator>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dc:date>
  </rdf:Description>
</rdf:RDF>
Bibliography of Konstanz
Yes