Large-Scale Geolocation for NetFlow
Authors | |
---|---|
Year of publication | 2013 |
Type | Article in Proceedings |
Conference | IFIP/IEEE International Symposium on Integrated Network Management (IM 2013) |
Field | Informatics |
Keywords | geolocation; GeoIP; ISO 3166; NetFlow; NFDUMP; NfSen; security; detection; anomaly |
Description | Current approaches perform geolocation mostly on demand and in a small-scale fashion. As soon as geolocation needs to be performed in real time in high-speed and large-scale networks, these approaches are not scalable anymore. To solve this problem, we propose two approaches to large-scale geolocation. Firstly, we present an exporter-based approach, which adds geolocation data to flow records in a way that is transparent to any flow collector. Secondly, we present a flow collector-based approach, which adds native geolocation to NetFlow data from any flow exporter. After presenting prototypes for both approaches, we demonstrate the applicability of large-scale geolocation by means of use cases. |