Abstract | Network awareness is highly critical for network and security administrators. It enables informed planning and management of network resources, as well as detection and a comprehensive understanding of malicious activity. It requires a set of tools to efficiently collect, process, and represent network data. While many such tools already exist, there is no flexible and practical solution for visualizing network activity at various granularities, and quickly gaining insights about the status of network assets. To address this issue, we developed Nfsight, a NetFlow processing and visualization application designed to offer a comprehensive network awareness solution. Nfsight constructs bidirectional flows out of the unidirectional NetFlow flows and leverages these bidirectional flows to provide client/server identification and intrusion detection capabilities. We present in this paper the internal architecture of Nfsight, the evaluation of the service, and intrusion detection algorithms. We illustrate the contributions of Nfsight through several case studies conducted by security administrators on a large university network.
|