• DocumentCode
    249339
  • Title
    SiLK: A Tool Suite for Unsampled Network Flow Analysis at Scale
  • Author
    Thomas, Martyn ; Metcalf, Leigh ; Spring, J. ; Krystosek, Paul ; Prevost, Katherine
  • Author_Institution
    Software Eng. Inst., Carnegie Mellon Univ., Pittsburgh, PA, USA
  • fYear
    2014
  • fDate
    June 27 2014-July 2 2014
  • Firstpage
    184
  • Lastpage
    191
  • Abstract
    A large organization can generate over ten billion network flow records per day, making network flow a high-velocity data source. Finding useful, security-related anomalies in this volume of data is challenging. Most large-scale network flow tools sample the data to make the problem manageable, but sampling unacceptably reduces the fidelity of analytic conclusions. In this paper we discuss SiLK, a tool suite created to analyze this high-volume data source without sampling. SiLK's implementation and architectural design are optimized for this Big Data problem. SiLK provides not only network flow capture and analysis but also tools for working with large IP sets and dictionaries (prefix maps) that frequently relate to network flow data, incorporating higher-variety data sources. These tools integrate disparate data sources with SiLK analysis.
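The abstract makes two claims that are easy to show concretely: sampling flow records loses analytic fidelity, and IP sets and dictionaries (prefix maps) are the natural way to join flow data with other sources. The following Python is an added illustration written for this page; it is not SiLK code and does not call any SiLK tool. It constructs a small synthetic flow table (source IP, destination IP, destination port, protocol, packets, bytes), runs a simple port-scan detector over all records and over a 1-in-10 sampled copy, and tags flows with a constructed prefix map. The thresholds, addresses and labels are assumptions chosen for the demonstration.

```python
"""Added illustration (not SiLK code): why unsampled flow analysis matters.

Builds a constructed set of flow records, compares a scan detector run over
all records against the same detector run over 1-in-N sampled records, and
shows an IP-set / prefix-map style lookup of the kind the abstract mentions.
"""
import ipaddress
from collections import defaultdict


def make_flows():
    """Constructed sample data: (sip, dip, dport, proto, packets, bytes)."""
    flows = []
    # Normal traffic: twenty clients each completing TLS sessions to one server.
    for i in range(200):
        flows.append((f"10.1.0.{i % 20 + 1}", "192.0.2.10", 443, 6, 20, 9000))
    # A low-and-slow scanner: one external source, one packet to each of 100 ports
    # spread across the client subnet.
    for port in range(1, 101):
        flows.append(("198.51.100.7", f"10.1.0.{port % 20 + 1}", port, 6, 1, 44))
    return flows


def sample(flows, n):
    """Deterministic 1-in-n sampling, as a sampling flow exporter would do."""
    return flows[::n]


def detect_scanners(flows, min_ports=25):
    """Flag sources that send tiny TCP flows to many distinct destination ports.

    min_ports is an assumed threshold for this illustration.
    """
    ports_by_src = defaultdict(set)
    for sip, _dip, dport, proto, pkts, _bytes in flows:
        if proto == 6 and pkts <= 2:  # one- or two-packet TCP flows are probes, not sessions
            ports_by_src[sip].add(dport)
    return {sip for sip, ports in ports_by_src.items() if len(ports) >= min_ports}


# Constructed prefix map (network -> label); longest matching prefix wins.
PMAP = [
    (ipaddress.ip_network("10.1.0.0/24"), "corp-clients"),
    (ipaddress.ip_network("10.0.0.0/8"), "corp"),
    (ipaddress.ip_network("192.0.2.0/24"), "dmz"),
]


def pmap_lookup(ip):
    """Return the label of the most specific PMAP entry containing ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, label in PMAP:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    return best[1] if best else "external"


def label_counts(flows):
    """Join flows against the prefix map: count flows per (source label, dest label)."""
    counts = defaultdict(int)
    for sip, dip, *_rest in flows:
        counts[(pmap_lookup(sip), pmap_lookup(dip))] += 1
    return dict(counts)


def ipset_of_targets(flows, src):
    """The IP set of destinations a given source touched (an rwset-style result)."""
    return {dip for sip, dip, *_rest in flows if sip == src}


if __name__ == "__main__":
    flows = make_flows()
    print("scanners (unsampled):", detect_scanners(flows))
    print("scanners (1-in-10 sampled):", detect_scanners(sample(flows, 10)))
    print("flows by label pair:", label_counts(flows))
    print("targets of 198.51.100.7:", len(ipset_of_targets(flows, "198.51.100.7")))
```

With the full record set the scanner is flagged because all 100 probed ports are visible; after 1-in-10 sampling only 10 of its flows survive, the distinct-port count drops below the threshold, and the same detector reports nothing. The prefix-map join labels the scanner's traffic as external-to-corp-clients, which is the kind of higher-variety context the abstract describes adding to raw flow data.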
  • Keywords
    Big Data; Internet; dictionaries; Big Data problem; SiLK; System for Internet-Level Knowledge; architectural design; high-velocity data source; high-volume data source; security-related anomalies; tool suite; unsampled network flow analysis; IP networks; Indexes; Open source software; Ports (Computers); Protocols; Routing; Security; Network Flow; Network Security; Network traffic analysis; Open-source tools;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Big Data (BigData Congress), 2014 IEEE International Congress on
  • Conference_Location
    Anchorage, AK
  • Print_ISBN
    978-1-4799-5056-0
  • Type
    conf
  • DOI
    10.1109/BigData.Congress.2014.34
  • Filename
    6906777