HISTORY – HIgh Speed neTwork mOnitoRing and analYsis
Project Description
The aim of this project is to build an architecture, methods, and tools for distributed network analysis. The HISTORY analysis environment makes it possible to collect information about network traffic and its behavior in distributed high-speed network environments. The use of standardized protocols (IETF IPFIX, PSAMP, and NSIS) results in an extensible architecture. A main objective is to develop methodologies for handling large amounts of statistics and packet data even with cheap low-end components. Visualization techniques and anonymization methods round off the big picture of a visionary environment for all network monitoring and analysis challenges. Developed tools will be available under an open source license.
Research Goals and Objectives
- Cooperative autonomous entities with distributed functioning
- Emergent behavior through adaptive self-organization
- Operation in high-speed networks while utilizing standard PC components
- Wide application range from accounting and charging up to traffic engineering and intrusion detection
- Anonymization techniques for wide applicability
Project Period
- 2003-09-01 – 2010-06-30
Project Members
- PD Dr.-Ing. habil. Falko Dressler
- Dipl. Inf. Ali Fessi (Tübingen)
- Dipl. Inf. Andreas Klenk (Tübingen)
- Dipl. Inf. Gerhard Münz (Tübingen)
- Dipl.-Inf. Isabel Dietrich
- Dipl.-Inf. Tobias Limmer
- Dipl.-Inf. Christoph Sommer
Sponsored by
- EU (European Commission)
- BMBF
- AUDI AG
- BSI
Involved Institutions
Related Publications
- “Flow-based Worm Detection using Correlated Honeypot Logs,” Proc. of 15. GI/ITG Fachtagung Kommunikation in Verteilten Systemen, Bern, Switzerland, pp. 181-186, February 2007
- “Flexible Flow Aggregation for Adaptive Network Monitoring,” Proc. of 31st IEEE Conference on Local Computer Networks: 1st IEEE LCN Workshop on Network Measurements, Tampa, Florida, USA, pp. 702-709, November 2006
- “Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software,” Proc. of GI SIDAR International Conference on IT-Incident Management & IT-Forensics, Berlin, Stuttgart, Germany, pp. 92-103, October 2006
- “Vermont – A Versatile Monitoring Toolkit Using IPFIX/PSAMP,” Proc. of IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, Tübingen, Germany, pp. 62-65, September 2006
- “Using Netconf for Configuring Monitoring Probes,” Proc. of 10th IFIP/IEEE Network Operations & Management Symposium, Vancouver, Canada, April 2006
- “Policy-based traffic generation for IP-based networks,” Proc. of 25th IEEE Conference on Computer Communications, Barcelona, Spain, April 2006
- “Anonymization of Measurement and Monitoring Data: Requirements and Solutions,” in Praxis der Informationsverarbeitung und Kommunikation (PIK) vol. 29 (4), pp. 208-213, 2006
- “Adaptive network monitoring for self-organizing network security mechanisms,” Proc. of IFIP International Conference on Telecommunication Systems, Modeling and Analysis 2005, Dallas, TX, USA, pp. 67-75, November 2005
- “HISTORY – High Speed Network Monitoring and Analysis,” Proc. of 24th IEEE Conf. on Computer Communications, Miami, FL, USA, March 2005
- “CATS – Cooperating Autonomous Detection Systems,” 1st IFIP TC6 WG6.6 International Workshop on Autonomic Communication, Berlin, Germany, 10