%0 Conference Proceedings
%T Preserving Relations in Parallel Flow Data Processing
%+ Czech Technical University in Prague (CTU)
%+ CESNET [Prague]
%A Čejka, Tomáš
%A Žádnik, Martin
%Z Part 4: Short Papers: Security, Intrusion Detection, and Configuration
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 11th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS)
%C Zurich, Switzerland
%Y Daphne Tuncer
%Y Robert Koch
%Y Rémi Badonnel
%Y Burkhard Stiller
%I Springer International Publishing
%3 Security of Networks and Services in an All-Connected World
%V LNCS-10356
%P 153-156
%8 2017-07-10
%D 2017
%R 10.1007/978-3-319-60774-0_14
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X Network monitoring produces high volume of data that must be analyzed ideally in near real-time to support network security operations. It is possible to process the data using Big Data frameworks, however, such approach requires adaptation or complete redesign of processing tools to get the same results. This paper elaborates on a parallel processing based on splitting a stream of flow records. The goal is to create subsets of traffic that contain enough information for parallel anomaly detection. The paper describes a methodology based on so called witnesses that helps to scale up without any need to modify existing algorithms.
%G English
%Z TC 6
%Z WG 6.6
%2 https://inria.hal.science/hal-01806065/document
%2 https://inria.hal.science/hal-01806065/file/452969_1_En_14_Chapter.pdf
%L hal-01806065
%U https://inria.hal.science/hal-01806065
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-AIMS
%~ IFIP-WG6-6
%~ IFIP-LNCS-10356