Practical Experience with IPFIX Flow Collectors

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F13%3A10130163" target="_blank" >RIV/63839172:_____/13:10130163 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Practical Experience with IPFIX Flow Collectors

Popis výsledku v původním jazyce

As the number of Internet applications grows, the number of applications that use data encapsulation increases as well. Flow monitoring using NetFlow version 5 or 9 is only able to analyze the encapsulating protocol, therefore it becomes too limited to detect new threats. For this reason, more thorough knowledge of such traffic is needed. The IPFIX protocol can be used in such situations, because it provides enough flexibility for monitoring tools to be extended by new elements. Along with greater flexibility, IPFIX support results in a higher performance footprint on collectors and tools for querying the collected data. Currently, there is a lack of flow collection frameworks with IPFIX support that would allow flow data to be extended. The aim of this paper is to compare open-source flow collectors that provide support for the IPFIX protocol. We focus on evaluating performance of query tools and the level of IPFIX support provided by the collection frameworks.

Název v anglickém jazyce

Practical Experience with IPFIX Flow Collectors

Popis výsledku anglicky

As the number of Internet applications grows, the number of applications that use data encapsulation increases as well. Flow monitoring using NetFlow version 5 or 9 is only able to analyze the encapsulating protocol, therefore it becomes too limited to detect new threats. For this reason, more thorough knowledge of such traffic is needed. The IPFIX protocol can be used in such situations, because it provides enough flexibility for monitoring tools to be extended by new elements. Along with greater flexibility, IPFIX support results in a higher performance footprint on collectors and tools for querying the collected data. Currently, there is a lack of flow collection frameworks with IPFIX support that would allow flow data to be extended. The aim of this paper is to compare open-source flow collectors that provide support for the IPFIX protocol. We focus on evaluating performance of query tools and the level of IPFIX support provided by the collection frameworks.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/LM2010005" target="_blank" >LM2010005: Velká infrastruktura CESNET</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2013

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013)

ISBN

978-1-4673-5229-1

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

1021-1026

Název nakladatele

IEEE Xplore Digital Library

Místo vydání

Ghent, Belgium

Místo konání akce

Gent, Belgie

Datum konání akce

27. 5. 2013

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—