Open Access
Cisco Systems NetFlow Services Export Version 9
Benoit Claise
Vol. 3954, pp 1-33
TLDR
This document specifies the data export format for version 9 of Cisco Systems' NetFlow services, for use by implementations on the network elements and/or matching collector programs.
Abstract:
This document specifies the data export format for version 9 of Cisco
Systems' NetFlow services, for use by implementations on the
network elements and/or matching collector programs. The version 9
export format uses templates to provide access to observations of IP
packet flows in a flexible and extensible manner. A template defines a
collection of fields, with corresponding descriptions of structure and
semantics. This memo provides information for the Internet community.
Citations
Proceedings Article
BotFinder: finding bots in network traffic without deep packet inspection
TL;DR: The results show that BotFinder is able to detect bots in network traffic without the need of deep packet inspection, while still achieving high detection rates with very few false positives.
Proceedings Article
CSAMP: a system for network-wide flow monitoring
Vyas Sekar, Michael K. Reiter, Walter Willinger, Hui Zhang, Ramana Rao Kompella, David G. Andersen +5 more
TL;DR: This paper shows that CSAMP achieves much greater monitoring coverage, better use of router resources, and enhanced ability to satisfy network-wide flow monitoring goals compared to existing solutions.
Proceedings Article
Identifying Encrypted Malware Traffic with Contextual Flow Data
Blake Anderson, David McGrew +1 more
TL;DR: This work develops supervised machine learning models that take advantage of a unique and diverse set of network flow data features and shows that incorporating this contextual information into a supervised learning system significantly increases performance at a 0.00% false discovery rate for the problem of classifying encrypted, malicious flows.
Proceedings Article
Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity
Blake Anderson, David McGrew +1 more
TL;DR: This paper designs and carries out experiments that show how six common algorithms perform when confronted with real network data, and identifies the situations in which certain classes of algorithms underperform on the task of encrypted malware traffic classification.
Proceedings Article
OpenSample: A Low-Latency, Sampling-Based Measurement Platform for Commodity SDN
TL;DR: OpenSample is a low-latency, sampling-based network measurement platform targeted at building faster control loops for software-defined networks and provides up to a 150% throughput improvement over both static equal-cost multi-path routing and a polling-based solution with a one second control loop.