Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Presentation

Merging Network Configuration and Network Traffic Data in ISP-Level Analyses

  • January 2016
  • By Timothy J. Shimeall3443
  • This presentation was given in January 2016 at FloCon, a network security conference that provides a forum for large-scale network flow analytics.
  • Network Situational Awareness
  • Publisher: CERT Division
  • Abstract

    The wealth of network data available to analysts is increasing steadily. This data often takes multiple forms: observations of network traffic (specifically network flow records), network population data (numbers of hosts, sometimes typified by operating system), and network architecture data (routing structure, topology information), among others. Population and architecture data is often provided via network configuration or management utilities. This presentation looks at merging this data to support a variety of analyses. The approach to this merger is first addressed broadly and then detailed in several specific examples. Along the way, several barriers to the merger are identified and workarounds are discussed. The presentation concludes with some practical tips for  undertaking such merger.
  • Download

Part of a Collection

FloCon 2016 Presentations