Abstract
As computer networks grow in size and complexity, monitoring them becomes more challenging. In order to meet the needs of IT administrators maintaining such networks, various Network Monitoring Systems (NMS) have been developed. Most NMSs rely solely on active scanning techniques in order to detect the topology of the networks they monitor. We propose a passive scanning solution using the logs produced by the systems within the networks. Additionally, we demonstrate how passive monitoring can be used to develop a holistic knowledge graph of the network landscape.
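The following is an added illustration, not code from the paper or from REAMS itself: a minimal passive topology pass that parses RFC 5424 syslog lines, treats each reporting host as a node, treats every IPv4 address mentioned in its messages as an observed peer, and records which applications each host was seen running. The hostnames, addresses and log lines are constructed for the example.

```python
import re
from collections import defaultdict

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD] MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d)\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<app>\S+)\s+(?P<procid>\S+)\s+(?P<msgid>\S+)\s+(?P<rest>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample log lines (hypothetical hosts and addresses).
SAMPLE_LOGS = [
    "<86>1 2014-08-11T10:00:01Z web01 sshd 2310 - - Accepted publickey for ops from 10.0.0.5 port 51022 ssh2",
    "<86>1 2014-08-11T10:00:07Z web01 sshd 2311 - - Failed password for root from 192.0.2.77 port 4022 ssh2",
    "<30>1 2014-08-11T10:01:00Z db01 postgres 9001 - - connection received: host=10.0.0.21 port=48310",
    "<30>1 2014-08-11T10:01:30Z fw01 kernel - - - IN=eth0 OUT=eth1 SRC=10.0.0.21 DST=10.0.0.30 PROTO=TCP DPT=5432",
    "not a syslog line at all",
]

def parse_line(line):
    """Return (host, app, message) for an RFC 5424 line, or None if malformed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return m.group("host"), m.group("app"), m.group("rest")

def build_graph(lines):
    """Passive topology: nodes are reporting hosts plus the peer addresses seen
    in their logs; edges (host, peer) count how often a host mentioned a peer;
    services records the applications each host was observed running.
    Malformed lines are counted in 'skipped' rather than aborting the pass."""
    edges = defaultdict(int)
    services = defaultdict(set)
    nodes = set()
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        host, app, msg = parsed
        nodes.add(host)
        services[host].add(app)
        for ip in IPV4_RE.findall(msg):
            nodes.add(ip)
            edges[(host, ip)] += 1
    return {"nodes": nodes, "edges": dict(edges),
            "services": {h: sorted(a) for h, a in services.items()},
            "skipped": skipped}

if __name__ == "__main__":
    g = build_graph(SAMPLE_LOGS)
    for (src, dst), n in sorted(g["edges"].items()):
        print(f"{src} -> {dst} ({n} events)")
```

Edges are directional in the sense "reported by": the same peer address seen from several hosts (10.0.0.21 above) is what lets the graph join separately logging systems into one picture without any active probe.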
© 2015 Springer-Verlag Berlin Heidelberg
Cite this paper
Azodi, A., Jaeger, D., Cheng, F., Meinel, C. (2015). Passive Network Monitoring using REAMS. In: Kim, K. (eds) Information Science and Applications. Lecture Notes in Electrical Engineering, vol 339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46578-3_24
DOI: https://doi.org/10.1007/978-3-662-46578-3_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46577-6
Online ISBN: 978-3-662-46578-3
eBook Packages: Engineering (R0)