Design and Implementation of an Anomaly Detection System for the GÉANT2 Network: a Statistical Approach
Traffic monitoring based on IP flows has become an indispensable tool for network administrators and managers. The existing de facto standard, Cisco NetFlow, is used in diverse application areas such as security analysis, intrusion detection, traffic engineering, network planning, statistics and accounting. Several tools have been developed to monitor, collect and analyse NetFlow data. However, deducing network anomalies from NetFlow data is a tedious task that requires skill and expertise. This presentation describes an extension to the NfSen NetFlow processing engine as part of the toolset for the Joint Research Activity 2 (Security). It uses past statistical data to help network operators spot anomalies more easily.
This presentation is part of session 7C - Catch Me If You Can!.