Security Applications of cflowd
Time-domain Aggregations Permit New Analyses
We will archive months of raw logs in a database, which will permit new analyses.
Detection of sparse, long-term network and host scanning activities.
- Intruders perform very long-duration scans which elude the aggregation windows of most monitoring tools.
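As an added illustration (not code from cflowd or from this presentation), the sketch below aggregates distinct destinations per source over a trailing window. The flow records and addresses are constructed for the example; a slow scanner touching one new host per day is invisible in a 5-minute window but stands out once a month of archived flows is aggregated.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records shaped like per-flow output
# (start_time, src_ip, dst_ip, dst_port); these are not real captures.
DAY = timedelta(days=1)
T0 = datetime(2000, 1, 1)
# A slow scanner (assumed address 203.0.113.7) probes one new host per day on port 22.
FLOWS = [(T0 + i * DAY, "203.0.113.7", f"192.0.2.{10 + i}", 22) for i in range(30)]
# A normal client talks to one web server every five minutes on the first day.
FLOWS += [(T0 + timedelta(minutes=5 * i), "198.51.100.5", "192.0.2.1", 80)
          for i in range(288)]


def distinct_dst_per_src(flows, window, now):
    """Count distinct destination hosts per source within [now - window, now]."""
    cutoff = now - window
    seen = defaultdict(set)
    for ts, src, dst, _port in flows:
        if cutoff <= ts <= now:
            seen[src].add(dst)
    return {src: len(dsts) for src, dsts in seen.items()}


def scanners(flows, window, now, threshold=10):
    """Sources that reached `threshold` distinct destinations inside the window."""
    counts = distinct_dst_per_src(flows, window, now)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    now = T0 + 29 * DAY  # evaluate at the time of the scanner's last probe
    # A short window (typical live-monitoring aggregation) sees one destination.
    print("5-minute window:", scanners(FLOWS, timedelta(minutes=5), now))
    # A month-long window over the archived flows exposes the slow scan.
    print("30-day window:  ", scanners(FLOWS, 30 * DAY, now))
```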
Perform traffic predictability, profiling, and anomaly detection:
- site-specific traffic may be sufficiently predictable
- correlation analysis
- visualization?