A scalable high performance network monitoring agent for CERNET

Zhang Hui, Li Xing, Li Zimu
DOI: 10.1109/PDCAT.2003.1236277
Published in: Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies
Publication date: 2003-10-20
Publication type: conference paper (indexed via Semantic Scholar)
Citations: 2

Abstract

In a cost-effective way, collecting and analyzing data from such a nationwide operational network as the China Education and Research Network (CERNET) is an increasingly challenging task. We present experience gained in designing and implementing a passive monitoring agent applicable to CERNET, which not only cooperates with the network intrusion detection system (IDS) and network management system (NMS) for detecting and identifying signs of malicious activities, nonmalicious failures and other exceptional events in real time, but also provides anomaly information to the accounting and billing system (ABS) so as to keep it healthy. This agent is characterized by a high performance data collecting facility and a methodology of real-time data correlation and analysis. A customized agent can be deployed on a particular link of CERNET for monitoring the network dynamically. We discuss how to conflate, correlate, associate and refine measurement data to discriminate anomalies such as DoS from normal traffic, and how to respond to the anomalies for the sake of the operational network's health. The paper concludes with experiences learned from the development and deployment of the agent and ongoing research work.