Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks

2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München / Müller, Paul (ed.). - Bonn : Gesellschaft für Informatik, 2009. - (GI-Edition - Lecture Notes in Informatics ; 149). - pp. 115-124. - ISBN 978-3-88579-243-7

Abstract

While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using lDS a1erts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.

Subject (DDC)

004 Computer Science

Cite This

ISO 690

MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephan PIETZKO, Marcel WALDVOGEL, 2009. Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks. In: MÜLLER, Paul, ed.. 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München. Bonn:Gesellschaft für Informatik, pp. 115-124. ISBN 978-3-88579-243-7

BibTex

@incollection{Mansmann2009Inter-5752,
  year={2009},
  title={Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks},
  number={149},
  isbn={978-3-88579-243-7},
  publisher={Gesellschaft für Informatik},
  address={Bonn},
  series={GI-Edition - Lecture Notes in Informatics},
  booktitle={2. DFN-Forum Kommunikationstechnik  :  Verteilte Systeme im Wissenschaftsbereich  ;  27.05.  - 28.05.2009 in München},
  pages={115--124},
  editor={Müller, Paul},
  author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and Pietzko, Stephan and Waldvogel, Marcel}
}

RDF

<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/5752">
    <dcterms:title>Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks</dcterms:title>
    <dcterms:bibliographicCitation>First publ. in: 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München / Müller, Paul (Hrsg.). - Bonn: Gesellschaft für Informatik, 2009. - (GI-Edition - Lecture Notes in Informatics ; 149). - pp. 115-124. - ISBN 978-3-88579-243-7</dcterms:bibliographicCitation>
    <dc:contributor>Pietzko, Stephan</dc:contributor>
    <dc:language>eng</dc:language>
    <dcterms:abstract xml:lang="eng">While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using lDS a1erts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.</dcterms:abstract>
    <dc:creator>Waldvogel, Marcel</dc:creator>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dcterms:available>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/5752"/>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/>
    <dc:format>application/pdf</dc:format>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:issued>2009</dcterms:issued>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dc:contributor>Waldvogel, Marcel</dc:contributor>
    <dc:creator>Pietzko, Stephan</dc:creator>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dc:date>
  </rdf:Description>
</rdf:RDF>

Bibliography of Konstanz

Yes