SCRIPT: A framework for Scalable Real-time IP Flow Record Analysis

Morariu, Cristian; Racz, Peter; Stiller, Burkhard

doi:10.1109/noms.2010.5488476

Cited by 9 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The evaluation of two of the main mechanisms developed in this thesis named SCRIPT [8] and DiCAP [9] are briefly sum marized here. The main purpose of SCRIPT is to distribute IPFIX records to several machines according to rules required by an analysis application.…”

Section: Discussionmentioning

confidence: 99%

An open architecture for distributed IP traffic analysis (DITA)

Morariu

Stiller

2011

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

Self Cite

View full text Add to dashboard Cite

This thesis investigated how performance of today's IP traffic metering and analysis applications can be improved by moving from a centralized, high-performance infrastructure, which executes these tasks, to distributed mechanisms, which combine available resources of multi ple devices. The results achieved show that distributed IP traffic metering and analysis leverages bottleneck prob lems. The distributed IP traffic approach DITA does not solve all problems of handling such large amounts of data in very short time by itself, but proposes an orthogonal approach to existing solutions. DITA revelas that combin ing distributed IP traffic metering and analysis reaches better and higher performance sampling and aggregation mechanisms, which do provide a very flexible and the open solution to analyzing IP traffic in future high-speed net works. This has been achieved by the facts that all mecha nisms designed for DITA -and their prototypical implementations -are based on standard protocols and open-source technologies. DITA determines the first approach to distributed IP traffic metering and analysis known today, which (a) addresses the different bottlenecks of traffic analysis in a generic way, and (b) is self-organiz ing, offering a scalable solution to regular traffic increases.

show abstract

Section: Discussionmentioning

confidence: 99%

An open architecture for distributed IP traffic analysis (DITA)

Morariu

Stiller

2011

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

Self Cite

View full text Add to dashboard Cite

show abstract

“…Even more performance improvements can be achieved by deploying multiple flow collectors and distributing the data between them. This, however, requires some management system that decides how data is distributed (for an example, see [71]).…”

Section: A Storage Formatsmentioning

confidence: 99%

Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX

Hofstede

Čeleda

Trammell

et al. 2014

IEEE Commun. Surv. Tutorials

347

176

View full text Add to dashboard Cite

Flow monitoring has become a prevalent method for monitoring traffic in high-speed networks. By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable than traditional packet-based traffic analysis. Flow monitoring embraces the complete chain of packet observation, flow export using protocols such as NetFlow and IPFIX, data collection, and data analysis. In contrast to what is often assumed, all stages of flow monitoring are closely intertwined. Each of these stages therefore has to be thoroughly understood, before being able to perform sound flow measurements. Otherwise, flow data artifacts and data loss can be the consequence, potentially without being observed. This paper is the first of its kind to provide an integrated tutorial on all stages of a flow monitoring setup. As shown throughout this paper, flow monitoring has evolved from the early nineties into a powerful tool, and additional functionality will certainly be added in the future. We show, for example, how the previously opposing approaches of Deep Packet Inspection and flow monitoring have been united into novel monitoring approaches.

show abstract

“…In [10] and [24] the authors show that sampling algorithms negatively influence the performance of intrusion detection systems. The SCRIPT framework [26] uses a peerto-peer overlay in order to store and process flow records in multiple nodes, and thus, increase the throughput of the traffic analyzing system.…”

Section: Related Workmentioning

confidence: 99%

Optimization of flow record handling by applying a decentralized cooperative semantic caching approach

Vancea

d’Orazio

Stiller

2012

2012 IEEE Network Operations and Management Symposium

View full text Add to dashboard Cite

Analyzing IP traffic is an important task on which many network management applications are based. Cisco's NetFlow system is one of the most widely used approaches for accomplishing a measurement and collection of flow records, needed to analyze traffic. Working with NetFlow means to involve very large amounts of data, while the collection, storing, and enabling of analyzers demands the access to this data in the fastest possible manner. Thus, this paper addresses this challenging task and presents a newly developed cooperative caching approach (CoopSC) that can be used to improve access time and data transfers between the centralized flow-based storage solution and those analyzers in operation. Such an improvement can positively influence the performance of flow-based solutions. Therefore, this approach NMCoopSC (Network Management CoopSC) has been validated, and experiments show that NMCoopSC improves the performance of NetFlow-based range queries.

show abstract

SCRIPT: A framework for Scalable Real-time IP Flow Record Analysis

Cited by 9 publications

References 21 publications

An open architecture for distributed IP traffic analysis (DITA)

An open architecture for distributed IP traffic analysis (DITA)

Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX

Optimization of flow record handling by applying a decentralized cooperative semantic caching approach

Contact Info

Product

Resources

About