Proceedings ArticleDOI

Experience Using Active and Passive Mapping for Network Situational Awareness

TLDR
Deploying passive mapping on an enterprise network does not reduce the need for timely active scans due to non-overlapping coverage and potentially long discovery times.
Abstract
Passive network mapping has often been proposed as an approach to maintain up-to-date information on networks between active scans. This paper presents a comparison of active and passive mapping on an operational network. On this network, active and passive tools found largely disjoint sets of services and the passive system took weeks to discover the last 15% of active services. Active and passive mapping tools provided different, not complementary information. Deploying passive mapping on an enterprise network does not reduce the need for timely active scans due to non-overlapping coverage and potentially long discovery times.
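The two measurements the abstract rests on, the overlap between what active and passive tools see and how long the passive sensor takes to reach a given fraction of the actively found services, are straightforward to compute once both inventories are reduced to (host, port, protocol) tuples. The script below is an added example, not code from the paper or its authors: the active inventory, the passive observation log, the timestamps and the addresses are all constructed, and the log format is an assumed one-line-per-flow layout rather than any particular tool's output.

```python
"""Compare an active-scan inventory with passive observations.

Added example (not from the paper). Computes (1) the set overlap between
services found by an active scan and services seen by a passive sensor and
(2) how many days after the scan the passive sensor had first seen a given
fraction of the actively found services. All data below is constructed.
"""
import math
from datetime import datetime
from typing import Dict, Optional, Set, Tuple

Service = Tuple[str, int, str]  # (server_ip, server_port, proto)

# Constructed active-scan inventory (what a parsed port-scan report would
# give) and the time the scan was run.
ACTIVE_SCAN_TIME = datetime(2024, 1, 1, 0, 0)
ACTIVE_SERVICES: Set[Service] = {
    ("10.0.0.5", 22, "tcp"),
    ("10.0.0.5", 80, "tcp"),
    ("10.0.0.7", 443, "tcp"),
    ("10.0.0.9", 3306, "tcp"),   # rarely contacted: passive sees it late
    ("10.0.0.11", 5432, "tcp"),  # never contacted in the passive window
}

# Constructed passive observation log, one server-side flow per line in an
# assumed format: "<ISO timestamp> <server_ip> <server_port> <proto>".
PASSIVE_LOG = """\
2024-01-01T00:10:00 10.0.0.5 22 tcp
2024-01-01T00:12:00 10.0.0.5 80 tcp
2024-01-01T01:00:00 10.0.0.7 443 tcp
2024-01-02T09:00:00 10.0.0.20 8080 tcp
2024-01-15T03:00:00 10.0.0.9 3306 tcp
2024-01-16T11:00:00 10.0.0.20 8443 tcp
"""


def parse_passive_log(text: str) -> Dict[Service, datetime]:
    """Return the first time each service was observed by the passive sensor."""
    first_seen: Dict[Service, datetime] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, port, proto = line.split()
        svc: Service = (ip, int(port), proto)
        when = datetime.fromisoformat(ts)
        if svc not in first_seen or when < first_seen[svc]:
            first_seen[svc] = when
    return first_seen


def coverage(active: Set[Service], passive: Set[Service]) -> Dict[str, Set[Service]]:
    """Partition the union of both inventories into both / active-only / passive-only."""
    return {
        "both": active & passive,
        "active_only": active - passive,
        "passive_only": passive - active,
    }


def discovery_lag_days(active: Set[Service], first_seen: Dict[Service, datetime],
                       scan_time: datetime) -> Dict[Service, float]:
    """Days after the active scan until passive first saw each actively found
    service. Services passive never saw are simply absent from the result."""
    return {
        svc: (first_seen[svc] - scan_time).total_seconds() / 86400.0
        for svc in active if svc in first_seen
    }


def days_to_fraction(active: Set[Service], first_seen: Dict[Service, datetime],
                     scan_time: datetime, fraction: float) -> Optional[float]:
    """Days after the scan by which passive had seen at least `fraction` of the
    active services, or None if it never reached that fraction in the log."""
    lags = sorted(discovery_lag_days(active, first_seen, scan_time).values())
    needed = math.ceil(fraction * len(active))
    if needed == 0:
        return 0.0
    if len(lags) < needed:
        return None
    return lags[needed - 1]


if __name__ == "__main__":
    seen = parse_passive_log(PASSIVE_LOG)
    cov = coverage(ACTIVE_SERVICES, set(seen))
    for name, svcs in cov.items():
        print(f"{name:13s} {len(svcs):2d}  {sorted(svcs)}")
    print("days to 80% of active services:",
          days_to_fraction(ACTIVE_SERVICES, seen, ACTIVE_SCAN_TIME, 0.8))
    print("days to 100% of active services:",
          days_to_fraction(ACTIVE_SERVICES, seen, ACTIVE_SCAN_TIME, 1.0))
```

On the constructed data the passive sensor reaches 80% of the actively found services only after about 14 days (the database port is contacted rarely) and never reaches 100% within the log, while it also reports two services the scan did not find. That is the shape of result the abstract describes: the two inventories are not interchangeable, and the passive view lags the active one by an amount set by how often each service is actually used.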


Citations

Nfsight: netflow-based network awareness tool

TL;DR: The internal architecture of Nfsight, the evaluation of the service, and intrusion detection algorithms are presented, and several case studies conducted by security administrators on a large university network are illustrated.
Proceedings ArticleDOI

Understanding passive and active service discovery

TL;DR: The accuracy of passive and active approaches to service discovery is compared and it is shown that they are complementary, highlighting the need for multiple active scans coupled with long-duration passive monitoring.
Proceedings ArticleDOI

Improving accuracy of applications fingerprinting on local networks using NMAP-AMAP-ETTERCAP as a hybrid framework

TL;DR: The main objective of this paper is to propose a way of enhancing host profiling, application/service fingerprinting and host identification by having active and passive fingerprinting tools exploit application-layer protocol payloads.
Dissertation

Event-driven Principles and Complex Event Processing for Self-adaptive Network Analysis and Surveillance Systems

Ruediger Gad
TL;DR: This thesis proposes an approach which leverages event-driven paradigms such as EDA and CEP for addressing the complex mix of requirements in this field and for enabling convergence of the various existing methods.
Proceedings ArticleDOI

PANEMOTO: Network Visualization of Security Situational Awareness Through Passive Analysis

TL;DR: It is shown how Panemoto enumerates, describes, and characterizes all network components, including devices and connected networks, and delivers an accurate representation of the function of devices and logical connectivity of networks.
References
Journal ArticleDOI

Self-similarity in World Wide Web traffic: evidence and possible causes

TL;DR: It is shown that the self-similarity in WWW traffic can be explained based on the underlying distributions of WWW document sizes, the effects of caching and user preference in file transfer, the effect of user "think time", and the superimposition of many such transfers in a local-area network.
Journal ArticleDOI

Analyzing peer-to-peer traffic across large networks

TL;DR: The high volume and good stability properties of P2P traffic suggest that the P2P workload is a good candidate for being managed via application-specific layer-3 traffic engineering in an ISP's network.

Empirically-Derived Analytic Models of Wide-Area TCP Connections: Extended Report

Vern Paxson
TL;DR: Overall it is found that the analytic models provide good descriptions, generally modeling the various distributions as well as empirical models and in some cases better.
Journal ArticleDOI

Empirically derived analytic models of wide-area TCP connections

TL;DR: In this paper, the authors analyzed 3 million TCP connections that occurred during 15 wide-area traffic traces, collected at five "stub" networks and two internetwork gateways, providing a diverse look at wide area traffic.