search menu icon-carat-right cmu-wordmark

CANINE: A NetFlows Converter/Anonymizer Tool for Format Interoperability and Secure Sharing (White Paper)

September 2005 White Paper
Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign)

In this paper, the authors introduce a tool to address two problems with using Net-Flow logs for security analysis.

Publisher:

Software Engineering Institute

Abstract

We created a tool to address two problems with using Net-Flows logs for security analysis: (1) NetFlows come in multiple, incompatible formats, and (2) the sensitivity of Net-Flow logs can hinder the sharing of these logs. We call the NetFlow converter and anonymizer that we created to address these problems CANINE: Converter and ANonymizer for Investigating Netflow Events). This paper demonstrates the use of CANINE in detail.