Abstract
Experiments using real traffic traces are of key importance in many network management research fields, such as traffic characterization, intrusion detection, and accounting. Access to such traces is often restricted due to privacy issues; research institutions typically have to sign non-disclosure agreements before accessing such traces from a network operator. Because of these restrictions, researchers rarely have more than one source of traffic traces on which to run and validate their experiments.
Therefore, this paper develops a Distributed Platform for Sharing IP Flows (DipSIF) based on NetFlow records between multiple institutions. It is assumed that NetFlow traces collected by each participant are archived on separate storage hosts within their premises and then made available to others using a server that acts as a gateway to the storage. For privacy reasons, the platform presented here uses a prefix-preserving, cryptography-based, and consistent anonymization algorithm in order to comply with the different regulations governing the exchange of traffic trace data.
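To make the three properties named above concrete, the following sketch is an added example, not code from DipSIF or from the paper. It assumes the common bit-by-bit construction in which each output bit is the input bit XORed with a keyed pseudorandom bit computed from the preceding input bits; HMAC-SHA256 as the keyed function, the demo key, and the flow records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key (assumption); a real deployment would use a managed secret.
KEY = b"constructed-demo-key"

# Constructed flow records using documentation address ranges, not real traffic.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "packets": 12, "bytes": 9000},
    {"src": "192.0.2.10", "dst": "203.0.113.80", "packets": 3, "bytes": 180},
    {"src": "192.0.2.77", "dst": "198.51.100.5", "packets": 40, "bytes": 52000},
]


def _prf_bit(key, prefix_bits):
    """Keyed pseudorandom bit that depends only on the address bits seen so far."""
    digest = hmac.new(key, prefix_bits.encode("ascii"), hashlib.sha256).digest()
    return digest[0] & 1


def anonymize_ipv4(key, address):
    """Output bit i = input bit i XOR PRF(key, input bits before i)."""
    bits = format(int(ipaddress.IPv4Address(address)), "032b")
    out = 0
    for i in range(32):
        # Addresses sharing a k-bit prefix get identical flips for their first
        # k+1 bits, so their pseudonyms share exactly a k-bit prefix as well.
        out = (out << 1) | (int(bits[i]) ^ _prf_bit(key, bits[:i]))
    return str(ipaddress.IPv4Address(out))


def common_prefix_len(a, b):
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def anonymize_flow(key, flow):
    """Replace only the address fields; counters stay usable for analysis."""
    out = dict(flow)
    out["src"] = anonymize_ipv4(key, flow["src"])
    out["dst"] = anonymize_ipv4(key, flow["dst"])
    return out


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(anonymize_flow(KEY, flow))
```

The mapping is consistent only among parties that use the same key, and anyone holding that key can recompute the pseudonym of any address they choose.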
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Morariu, C., Racz, P., Stiller, B. (2009). Design and Implementation of a Distributed Platform for Sharing IP Flow Records. In: Bartolini, C., Gaspary, L.P. (eds) Integrated Management of Systems, Services, Processes and People in IT. DSOM 2009. Lecture Notes in Computer Science, vol 5841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04989-7_1
DOI: https://doi.org/10.1007/978-3-642-04989-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04988-0
Online ISBN: 978-3-642-04989-7
eBook Packages: Computer Science, Computer Science (R0)