Abstract : Network monitoring produces high volume of data that must be analyzed ideally in near real-time to support network security operations. It is possible to process the data using Big Data frameworks, however, such approach requires adaptation or complete redesign of processing tools to get the same results. This paper elaborates on a parallel processing based on splitting a stream of flow records. The goal is to create subsets of traffic that contain enough information for parallel anomaly detection. The paper describes a methodology based on so called witnesses that helps to scale up without any need to modify existing algorithms.
https://hal.inria.fr/hal-01806065 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Friday, June 1, 2018 - 4:01:24 PM Last modification on : Tuesday, January 19, 2021 - 10:16:03 AM Long-term archiving on: : Sunday, September 2, 2018 - 3:38:32 PM
Tomáš Čejka, Martin Žádnik. Preserving Relations in Parallel Flow Data Processing. 11th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jul 2017, Zurich, Switzerland. pp.153-156, ⟨10.1007/978-3-319-60774-0_14⟩. ⟨hal-01806065⟩