13

Security Applications of cflowd
Time-domain Aggregations Permit New Analyses

    We will archive months of raw flow logs in a database, which will permit new analyses.

    Detection of sparse, long-term network and host scanning activities.
    • Intruders perform very long-duration scans that elude the aggregation windows of most monitoring tools.
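    The slow-scan point above, as an added example (not cflowd's own code or part of the original slides): simplified flow records are archived in an in-memory SQLite table and the same distinct-destination count is run with short and long aggregation buckets; the schema, the constructed sample traffic and the documentation-range addresses are all assumptions.

```python
"""Added example: one probe per day from a single source eludes a
5-minute (or even 1-day) window but stands out once months of archived
flows are aggregated in one bucket. Schema and data are constructed."""
import sqlite3
from datetime import datetime, timedelta, timezone

# Hypothetical, much-simplified flow record (real cflowd records carry more fields).
SCHEMA = """CREATE TABLE flows (
    start_ts INTEGER, src TEXT, dst TEXT, dport INTEGER, pkts INTEGER)"""

def synth_flows(start):
    """Constructed sample data: two ordinary clients talking to fixed servers
    every hour, plus one SSH probe per day to a new host from 192.0.2.7
    (the slow scanner) over 30 days."""
    rows = []
    for day in range(30):
        ts = int((start + timedelta(days=day, hours=3)).timestamp())
        rows.append((ts, "192.0.2.7", f"198.51.100.{day + 1}", 22, 1))
        for h in range(24):
            ts_h = int((start + timedelta(days=day, hours=h)).timestamp())
            rows.append((ts_h, "203.0.113.5", "198.51.100.200", 443, 40))
            rows.append((ts_h, "203.0.113.6", "198.51.100.201", 80, 25))
    return rows

def distinct_dst_per_src(conn, window_seconds):
    """For each source, the largest number of distinct destinations it reached
    inside any single aggregation bucket of the given width (buckets are
    aligned to the earliest archived flow). Returns {src: max_count}."""
    q = """SELECT src, MAX(n) FROM (
             SELECT src,
                    (start_ts - (SELECT MIN(start_ts) FROM flows)) / ? AS bucket,
                    COUNT(DISTINCT dst) AS n
             FROM flows GROUP BY src, bucket) GROUP BY src"""
    return dict(conn.execute(q, (window_seconds,)).fetchall())

def slow_scanners(conn, window_seconds, threshold):
    """Sources that contacted more than `threshold` distinct hosts within one bucket."""
    counts = distinct_dst_per_src(conn, window_seconds)
    return sorted(src for src, n in counts.items() if n > threshold)

def build_archive():
    """Load the constructed flows into an in-memory archive."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    conn.executemany("INSERT INTO flows VALUES (?,?,?,?,?)", synth_flows(start))
    return conn
```

With a threshold of 5 distinct destinations, the 5-minute and 1-day windows report nothing, while a 7-day or 30-day window flags 192.0.2.7 with 7 and 30 destinations respectively.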

    Perform traffic prediction, profiling, and anomaly detection:
    • site-specific traffic may be sufficiently predictable
    • correlation analysis
    • visualization?