Teemu Alapaholuoma, T. Seppala, J. Nieminen, J. Ylinen, P. Loula
{"title":"Concurrent monitoring environment for obtaining IPFIX flow and signature based IDS alert data","authors":"Teemu Alapaholuoma, T. Seppala, J. Nieminen, J. Ylinen, P. Loula","doi":"10.1109/ICCSII.2012.6454305","DOIUrl":null,"url":null,"abstract":"The aim of this paper is to introduce and untangle the operating model of a network monitoring environment that handles flow and signature based techniques side by side on a large-scale campus network. This paper introduces one approach for solving the problematic creation of standard-based flow information and signature alarms in tandem from large-scale network traffic. The operating model takes into account cost efficiency, trustworthy and privacy protection. Due to the Privacy Protection Act and local laws, data analysis is made after traffic anonymization.","PeriodicalId":281140,"journal":{"name":"2012 International Conference on Computer Systems and Industrial Informatics","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Computer Systems and Industrial Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSII.2012.6454305","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The aim of this paper is to introduce and untangle the operating model of a network monitoring environment that handles flow-based and signature-based techniques side by side on a large-scale campus network. This paper introduces one approach for solving the problematic creation of standard-based flow information and signature alarms in tandem from large-scale network traffic. The operating model takes into account cost efficiency, trustworthiness and privacy protection. Due to the Privacy Protection Act and local laws, data analysis is performed after traffic anonymization.