Flow-Based Analysis: Through Quicksand into the Quicksand

Speaker:

Rick Hofstede

Date:

21 October 2011

Time:

12:30

Room:

Zi-5126

Abstract:

Network flows have been used in the last decade for several applications, such as accounting and security. As more and more applications rely on flow data, it becomes of primary importance to gain a better understanding of the behavior of flow exporters and how this affects the exported data. In this talk I'll focus my attention on flow data exported by a well-known Cisco NetFlow platform, by highlighting the presence of several types of data artifacts. These artifacts range from counter inaccuracies to missing flow records. In order to understand the causes of these artifacts, several internals of the considered platform will be outlined.