A Scalable High Performance Network Monitoring Agent for CERNET
Collecting and analyzing data from a nationwide operational network such as the China Education and Research Network (CERNET) in a cost-effective way is an increasingly challenging task. This paper presents experience gained in designing and implementing a passive monitoring agent applicable to CERNET. The agent cooperates not only with the network intrusion detection system (IDS) and the network management system (NMS) to detect and identify signs of malicious activities, non-malicious failures and other exceptional events in real time, but also provides anomaly information to the accounting and billing system (ABS) so as to keep it healthy. The agent is characterized by a high-performance data-collecting facility and a methodology for real-time data correlation and analysis. A customized agent can be deployed on a particular link of CERNET to monitor the network dynamically. The paper discusses how to conflate, correlate, associate and refine measurement data in order to discriminate anomalies such as DoS from normal traffic, and how to respond to those anomalies to preserve the health of the operational network. It concludes with lessons learned from the development and deployment of the agent and with ongoing research work.
Keywords: Passive Monitoring; Traffic Collection; Packet Classification; Data Mining; Intrusion Detection
ZHANG Hui, LI Xing, LI Zimu
CERNET Network Research Center Tsinghua University, Beijing, 100084, China
International conference
Chengdu
English
151-156
2003-08-27 (date first posted on the Wanfang platform; not the paper's publication date)