Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks

Lade...
Vorschaubild
Dateien
Zu diesem Dokument gibt es keine Dateien.
Datum
2009
Herausgeber:innen
Kontakt
ISSN der Zeitschrift
Electronic ISSN
ISBN
Bibliografische Daten
Verlag
Schriftenreihe
Auflagebezeichnung
DOI (zitierfähiger Link)
ArXiv-ID
Internationale Patentnummer
Angaben zur Forschungsförderung
Projekt
Open Access-Veröffentlichung
Open Access Green
Core Facility der Universität Konstanz
Gesperrt bis
Titel in einer weiteren Sprache
Forschungsvorhaben
Organisationseinheiten
Zeitschriftenheft
Publikationstyp
Beitrag zu einem Sammelband
Publikationsstatus
Published
Erschienen in
MÜLLER, Paul, ed.. 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München. Bonn: Gesellschaft für Informatik, 2009, pp. 115-124. GI-Edition - Lecture Notes in Informatics. 149. ISBN 978-3-88579-243-7
Zusammenfassung

While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using lDS a1erts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.

Zusammenfassung in einer weiteren Sprache
Fachgebiet (DDC)
004 Informatik
Schlagwörter
Konferenz
Rezension
undefined / . - undefined, undefined
Zitieren
ISO 690MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephan PIETZKO, Marcel WALDVOGEL, 2009. Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks. In: MÜLLER, Paul, ed.. 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München. Bonn: Gesellschaft für Informatik, 2009, pp. 115-124. GI-Edition - Lecture Notes in Informatics. 149. ISBN 978-3-88579-243-7
BibTex
@incollection{Mansmann2009Inter-5752,
  year={2009},
  title={Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks},
  number={149},
  isbn={978-3-88579-243-7},
  publisher={Gesellschaft für Informatik},
  address={Bonn},
  series={GI-Edition - Lecture Notes in Informatics},
  booktitle={2. DFN-Forum Kommunikationstechnik  :  Verteilte Systeme im Wissenschaftsbereich  ;  27.05.  - 28.05.2009 in München},
  pages={115--124},
  editor={Müller, Paul},
  author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and Pietzko, Stephan and Waldvogel, Marcel}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/5752">
    <dcterms:title>Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks</dcterms:title>
    <dcterms:bibliographicCitation>First publ. in: 2. DFN-Forum Kommunikationstechnik : Verteilte Systeme im Wissenschaftsbereich ; 27.05. - 28.05.2009 in München / Müller, Paul (Hrsg.). - Bonn: Gesellschaft für Informatik, 2009. - (GI-Edition - Lecture Notes in Informatics ; 149). - pp. 115-124. - ISBN 978-3-88579-243-7</dcterms:bibliographicCitation>
    <dc:contributor>Pietzko, Stephan</dc:contributor>
    <dc:language>eng</dc:language>
    <dcterms:abstract xml:lang="eng">While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using lDS a1erts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.</dcterms:abstract>
    <dc:creator>Waldvogel, Marcel</dc:creator>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dcterms:available>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/5752"/>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/>
    <dc:format>application/pdf</dc:format>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:issued>2009</dcterms:issued>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5752/1/Mansmann_2009_InteractiveAnalysis.pdf"/>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dc:contributor>Waldvogel, Marcel</dc:contributor>
    <dc:creator>Pietzko, Stephan</dc:creator>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:59:49Z</dc:date>
  </rdf:Description>
</rdf:RDF>
Interner Vermerk
xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter
Kontakt
URL der Originalveröffentl.
Prüfdatum der URL
Prüfungsdatum der Dissertation
Finanzierungsart
Kommentar zur Publikation
Allianzlizenz
Corresponding Authors der Uni Konstanz vorhanden
Internationale Co-Autor:innen
Universitätsbibliographie
Ja
Begutachtet
Diese Publikation teilen