L. Deri, Ellie Chou, Zach Cherian, Kedar Karmarkar, M. Patterson
NetFlow is the de facto protocol used to collect IP traffic information by categorizing packets into flows and obtaining important flow information, such as IP addresses, TCP/UDP ports, and byte counts. With information obtained from NetFlow, IT managers can gain insights into the activities in the network. NetFlow has become a key tool for network troubleshooting, capacity planning, and anomaly detection. Because it examines every packet, NetFlow is often implemented on expensive custom ASICs or else suffers a major performance hit for packet forwarding, which limits its adoption. NetFlow-Lite bridges the gap as a lower-cost solution, providing network visibility similar to that delivered by NetFlow. This paper describes the architecture and implementation of NetFlow-Lite, and how it integrates with nProbe to provide a scalable and easy-to-adopt solution. The validation phase carried out on Catalyst 4948E switches has demonstrated that NetFlow-Lite can efficiently monitor high-speed networks and deliver results similar to those provided by NetFlow with satisfactory accuracy.
Increasing data center network visibility with Cisco NetFlow-Lite. L. Deri, Ellie Chou, Zach Cherian, Kedar Karmarkar, M. Patterson. 2011 7th International Conference on Network and Service Management, 2011-10-24. https://doi.org/10.5555/2147671.2147716
A significant part of current attacks on the Internet comes from compromised hosts that, usually, take part in botnets. Even though bots themselves can be distributed all over the world, there is evidence that most of the malicious hosts are, in fact, concentrated in small fractions of the IP address space, on certain networks. Based on that, the Bad Neighborhood concept was introduced. The general idea of Bad Neighborhoods is to rate a subnetwork by the number of malicious hosts that have been observed in that subnetwork. Even though Bad Neighborhoods were successfully employed in mail filtering, the concept itself was not investigated in further detail. Therefore, in this work we take a closer look at it, by proposing four definitions for spam-based Bad Neighborhoods that take into account the way spammers operate. We apply the definitions to real-world data sets and show that they provide valuable insight into the behavior of spammers and the networks hosting them. Among our findings, we show that 10% of the Bad Neighborhoods are responsible for the majority of spam.
Internet Bad Neighborhoods: The spam case. G. Moura, R. Sadre, A. Pras. 2011 7th International Conference on Network and Service Management, 2011-10-24. https://doi.org/10.5555/2147671.2147681
Although fingerprinting techniques are helpful for security assessment, they offer limited support for advanced security-related applications. We have developed a new security framework focusing especially on authentication reinforcement and the automatic generation of stateful firewall rules based on behavioral fingerprinting. Such fingerprinting is highly effective in capturing sequential patterns in the behavior of a device. A new machine learning technique is also adapted to monitor high-speed networks by evaluating both computational complexity and experimental performance.
Enforcing security with behavioral fingerprinting. J. François, R. State, T. Engel, O. Festor. 2011 7th International Conference on Network and Service Management, 2011-10-24. https://doi.org/10.5555/2147671.2147682
Jianwen Chen, R. Childress, Iain Mcintosh, George Africa, Arthur Sitaramayya
In this paper, we propose a four-layer enterprise architecture model for service management. The aim of the proposed architecture is to provide a framework for an automated, centralized, real-time enterprise service management solution. We developed a component model to address the functional requirements for different integrated service management functions.
A service management architecture component model. Jianwen Chen, R. Childress, Iain Mcintosh, George Africa, Arthur Sitaramayya. 2011 7th International Conference on Network and Service Management, 2011-10-24. https://doi.org/10.5555/2147671.2147725
S. Mau, A. Vashist, A. Poylisher, R. Chadha, C. Chiang
Network QoS control is generally difficult due to the complexity, dynamism, and limited measurability of networks. As an alternative, we seek a network phenomenon that is simple, universal and consequential to control. The result is a framework for proactive dynamic network congestion control that is based on the science of continuous phase transition. Key beneficial properties of continuous phase transition are its early onset warning signs and universality. The former allows the detection of proximity to congestion before its occurrence, while the latter implies that any criticality-based network control would likely be insensitive to network details and, in particular, would not require any a priori knowledge of the values of critical loads. Preliminary experimental results demonstrating these promises are presented.
Criticality avoidance: A new paradigm for congestion control based on science of phase transition. S. Mau, A. Vashist, A. Poylisher, R. Chadha, C. Chiang. 2011 7th International Conference on Network and Service Management, 2011-10-24. https://doi.org/10.5555/2147671.2147720