Skip to Main content Skip to Navigation
Conference papers

Mining NetFlow Records for Critical Network Activities

Abstract : Current monitoring of IP flow records is challenged by the required analysis of large volume of flow records. Finding essential information is equivalent to searching for a needle in a haystack. This analysis can reach from simple counting of basic flow level statistics to complex data mining techniques. Some key target objectives are for instance the identification of malicious traffic as well as tracking the cause of observed flow related events. This paper investigates the usage of link analysis based methods for ranking IP flow records. We leverage the well known HITS algorithm in the context of flow level dependency graphs. We assume a simple dependency model that can be build in the context of large scale IP flow record data. We apply our approach on several datasets, ranging from ISP captured flow records up to forensic packet captures from a real world intrusion.
Document type :
Conference papers
Complete list of metadata

Cited literature [15 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Wednesday, August 20, 2014 - 12:20:44 PM
Last modification on : Friday, November 8, 2019 - 3:06:02 PM
Long-term archiving on: : Thursday, November 27, 2014 - 11:37:41 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Shaonan Wang, Radu State, Mohamed Ourdane, Thomas Engel. Mining NetFlow Records for Critical Network Activities. 4th International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2010, Zurich, Switzerland. pp.135-146, ⟨10.1007/978-3-642-13986-4_20⟩. ⟨hal-01056635⟩



Record views


Files downloads