onto an intuitive image with adaptive colour gradients. To prove the validity of this method, two different data sets were applied to PeekKernelFlows. The first data set originates from an ISP and the second from a High Interaction Honeypot [10] with a vulnerable SSH server.
Section 2 describes the different modules of the PeekKernelFlows framework: a short description of IP flow aggregation is given, the kernel method is described and the visualization method is explained. In Section 3, the evaluation of the monitoring framework is given. Section 4 presents relevant work in this area, and Section 5 describes future work and presents the conclusions.
2 The Monitoring Framework
The following section presents the theoretical components and implemented features of the monitoring framework PeekKernelFlows (see Fig. 1). The routers with Netflow record exporting functionality log Netflow records from the network and store them on the Collector. Then, Netflows are processed by PeekKernelFlows, which has four main components. The first module, modified Aguri, is the monitoring feature, which accepts Netflow records and performs the spatial-temporal aggregation task. The AguriProcessor module includes the kernel calculus model. The AguriViz module maps the outcomes of the kernel calculus onto an image by referring to an adaptive colour gradient. The AguriUI module is the interface towards the end-user of the system.

Fig. 1. The Monitoring Framework PeekKernelFlows
2.1 Aggregated Netflow Records in Space Over Time η
Aguri [2] is a near real-time flow-monitoring tool that spatially aggregates IP flows over time. The advantage is that, instead of considering single flow records, an overview at the subnet level can be given thanks to aggregation. This module has
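As an added illustration of the spatial aggregation Section 2.1 describes (example code written for this page, not the paper's or Aguri's own implementation), the following simplified Aguri-style aggregation sums constructed flow records per source address, places the addresses in a prefix tree whose internal nodes are the branch points, and folds every prefix carrying less than a share of the total traffic into its nearest ancestor. The flow records and the 10% share threshold are assumptions for the example.

```python
# Added illustration of Aguri-style spatial aggregation of IP flows.
# Not the paper's or Aguri's own code; flows and threshold are constructed.
import ipaddress
from collections import defaultdict

# Constructed sample flows (source address, bytes); not real measurements.
SAMPLE_FLOWS = [
    ("10.0.1.5", 900), ("10.0.1.6", 800), ("10.0.1.7", 700),
    ("10.0.1.20", 500), ("10.0.1.25", 500),
    ("192.168.7.1", 5000), ("172.16.3.3", 100),
]

def common_prefix(a, b):
    """Longest prefix containing both networks a and b."""
    net = a
    while b.network_address not in net:
        net = net.supernet(prefixlen_diff=1)
    return net

def aggregate_by_prefix(flows, min_share=0.1):
    """Return {prefix: bytes}: a reduced prefix tree in which every reported
    prefix (the root excepted) carries at least min_share of all traffic.
    A prefix's bytes are those not reported under a more specific prefix."""
    total = sum(nbytes for _, nbytes in flows)
    threshold = min_share * total
    tree = defaultdict(int)
    for addr, nbytes in flows:          # /32 leaves, summed per host
        tree[ipaddress.ip_network(f"{addr}/32")] += nbytes
    # Internal nodes are the branch points: common prefixes of neighbouring
    # leaves in address order, plus the root so every node has an ancestor.
    leaves = sorted(tree)
    for a, b in zip(leaves, leaves[1:]):
        tree.setdefault(common_prefix(a, b), 0)
    root = ipaddress.ip_network("0.0.0.0/0")
    tree.setdefault(root, 0)
    # Fold bottom-up (longest prefix first): a node below the threshold hands
    # its bytes to the nearest ancestor still in the tree and disappears.
    for net in sorted(tree, key=lambda n: -n.prefixlen):
        if net == root or tree[net] >= threshold:
            continue
        parent = net
        while True:
            parent = parent.supernet(prefixlen_diff=1)
            if parent in tree:
                break
        tree[parent] += tree.pop(net)
    return {str(n): b for n, b in tree.items() if b > 0}

if __name__ == "__main__":
    for prefix, nbytes in sorted(aggregate_by_prefix(SAMPLE_FLOWS).items()):
        print(f"{prefix:>16}  {nbytes}")
```

For the constructed flows, two heavy hosts stay as /32 entries, two neighbours merge into a /31, the two small hosts in 10.0.1.16/28 are reported as that subnet, and the residual traffic lands on 0.0.0.0/0.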