Large-Scale Geolocation for NetFlow

Authors

ČELEDA Pavel, VELAN Petr, RÁBEK Martin, HOFSTEDE Rick, PRAS Aiko

Year of publication 2013
Type Article in Proceedings
Conference IFIP/IEEE International Symposium on Integrated Network Management (IM 2013)
MU Faculty or unit Institute of Computer Science

Citation
Field Informatics
Keywords geolocation; GeoIP; ISO 3166; NetFlow; NFDUMP; NfSen; security; detection; anomaly
Attached files
Description Current approaches perform geolocation mostly on-demand and in a small-scale fashion. As soon as geolocation needs to be performed in real-time in high-speed and large-scale networks, these approaches are not scalable anymore. To solve this problem, we propose two approaches to large-scale geolocation. Firstly, we present an exporter-based approach, which adds geolocation data to flow records in a way that is transparent to any flow collector. Secondly, we present a flow collector-based approach, which adds native geolocation to NetFlow data from any flow exporter. After presenting prototypes for both approaches, we demonstrate the applicability of large-scale geolocation by means of use cases.
