Visualization of large scale Netflow data
Networks are forwarding more and more data every year, so it is harder to reveal malicious traffic among all of it. Current systems might not be capable of keeping up with the rapid pace of this growth: they might not be able to separate ill-willed from harmless traffic, or they might point out too many false positives and not be of much use. Cisco's NetFlow standard is used to monitor networks, and due to its versatility it can be used to reveal several interesting things about a network, such as Distributed Denial of Service (DDoS) attacks or port scans.

In this paper I compare the current solution against a visual solution developed for this thesis, carefully choosing different visual elements to represent NetFlow data as clearly as possible using the D3.js framework. Using nfdump it is possible to extract specific information and export it into files readable by D3.js code.

The solution was tested with large amounts of data to check whether it served its purpose. It was possible to see clear patterns in the data showing that the network behavior was repeating itself. The solution was able to point out abnormalities where single Internet Protocol (IP) addresses suddenly received atypical amounts of traffic, either distributed across thousands of ports or directed at one single port. Since the data is anonymized it is hard to point out the reason for the peaks in traffic, but the result shows that the solution serves its purpose of separating the irregular from the harmless traffic.

Through further testing it was concluded that the solution is of great use, but cannot serve as a stand-alone solution because of its limitations in going into very specific details while still being intuitive and easy to use. Its functionality does, however, complement a text-based solution very well by removing a lot of the resource- and time-consuming commands that would otherwise be run in the command line.
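The abstract describes two kinds of abnormality the visualization surfaces (one destination address receiving traffic spread across many ports, or an unusually large volume aimed at a single port) and an nfdump-to-D3.js export step. The following Python script, written for this record and not part of the thesis or of nfdump, shows the detection side of that pipeline on constructed flow records: it parses a simplified CSV whose column layout is assumed here (it only resembles an nfdump CSV export), aggregates flows per destination address, flags the two anomaly patterns with assumed thresholds, and emits the JSON records a D3.js chart would consume.

```python
"""Per-destination NetFlow aggregation and anomaly flagging (added example).

All records are constructed; the column layout below is an assumption for
this example and is not the exact nfdump "-o csv" format. Thresholds are
illustrative defaults, not values from the thesis.
"""
import csv
import io
import json
import statistics
from collections import defaultdict

COLUMNS = ["ts", "src", "dst", "dport", "proto", "bytes", "pkts"]


def build_sample_csv():
    """Constructed sample: three normal web hosts, one host receiving a small
    flow on each of 40 ports (scan-like), one host receiving 50 large flows on
    a single port (flood-like). Addresses are documentation/private ranges."""
    rows = []
    for i in range(3):
        for j in range(4):
            rows.append(("2024-01-01T10:%02d:00" % j, "10.0.0.%d" % (j + 1),
                         "192.0.2.1%d" % i, 443 if j % 2 else 80, 6, 1500, 12))
    for port in range(1, 41):
        rows.append(("2024-01-01T10:05:00", "10.0.0.9", "192.0.2.50", port, 6, 60, 1))
    for j in range(50):
        rows.append(("2024-01-01T10:06:%02d" % (j % 60), "10.0.%d.7" % j,
                     "192.0.2.60", 80, 6, 40000, 300))
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(COLUMNS)
    writer.writerows(rows)
    return out.getvalue()


def parse_flows(text):
    """Parse CSV text into dicts, converting numeric fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({
            "ts": row["ts"], "src": row["src"], "dst": row["dst"],
            "dport": int(row["dport"]), "proto": int(row["proto"]),
            "bytes": int(row["bytes"]), "pkts": int(row["pkts"]),
        })
    return flows


def summarize_by_dst(flows):
    """Aggregate flows per destination address: flow count, total bytes,
    and bytes per destination port."""
    summary = {}
    for f in flows:
        s = summary.setdefault(f["dst"], {"flows": 0, "bytes": 0,
                                          "ports": defaultdict(int)})
        s["flows"] += 1
        s["bytes"] += f["bytes"]
        s["ports"][f["dport"]] += f["bytes"]
    return summary


def find_anomalies(summary, min_distinct_ports=20, bytes_ratio=5.0,
                   single_port_share=0.9):
    """Return {dst: reason} for destinations that look scan-like (many
    distinct ports) or flood-like (volume far above the median across
    destinations and concentrated on one port). Thresholds are assumptions."""
    median_bytes = statistics.median(s["bytes"] for s in summary.values())
    findings = {}
    for dst, s in summary.items():
        distinct = len(s["ports"])
        top_port, top_bytes = max(s["ports"].items(), key=lambda kv: kv[1])
        share = top_bytes / s["bytes"]
        if distinct >= min_distinct_ports:
            findings[dst] = "scan-like: %d distinct destination ports" % distinct
        elif s["bytes"] >= bytes_ratio * median_bytes and share >= single_port_share:
            findings[dst] = "flood-like: %d bytes, %.0f%% to port %d" % (
                s["bytes"], 100 * share, top_port)
    return findings


def export_for_d3(summary, findings):
    """Flatten the summary into JSON-friendly records, largest volume first,
    in the shape a D3.js bar chart would bind to."""
    records = []
    for dst, s in summary.items():
        records.append({"host": dst, "bytes": s["bytes"], "flows": s["flows"],
                        "distinct_ports": len(s["ports"]),
                        "flagged": dst in findings,
                        "reason": findings.get(dst, "")})
    records.sort(key=lambda r: r["bytes"], reverse=True)
    return records


if __name__ == "__main__":
    flows = parse_flows(build_sample_csv())
    summary = summarize_by_dst(flows)
    findings = find_anomalies(summary)
    print(json.dumps(export_for_d3(summary, findings), indent=2))
```

In a real deployment the CSV would come from nfdump's export rather than `build_sample_csv()`, and the thresholds would be tuned against the site's own baseline, since the median-based volume check only works when most destinations in the window behave normally.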