SiLK: System for Internet-Level Knowledge by bucy at 2:56 pm EST, Apr 2, 2004

] SiLK, the System for Internet-Level Knowledge, is a
] collection of netflow tools developed by the CERT/AC to
] facilitate security analysis in large networks. SiLK
] consists of a suite of tools which collect and examine
] netflow data, allowing analysts to rapidly query large
] sets of data. SiLK was explicitly designed with a
] tradeoff in mind: while traffic summaries do not provide
] packet-by-packet (in particular, payload) information,
] they are also considerably more compact and consequently
] can be used to acquire a wider view of network traffic
] problems.

I'm being recruited to work on this project.
RE: SiLK: System for Internet-Level Knowledge by Decius at 10:46 pm EDT, Apr 4, 2004

bucy wrote:
] ] SiLK, the System for Internet-Level Knowledge, is a
] ] collection of netflow tools developed by the CERT/AC to
] ] facilitate security analysis in large networks. SiLK
] ] consists of a suite of tools which collect and examine
] ] netflow data, allowing analysts to rapidly query large
] ] sets of data. SiLK was explicitly designed with a
] ] tradeoff in mind: while traffic summaries do not provide
] ] packet-by-packet (in particular, payload) information,
] ] they are also considerably more compact and consequently
] ] can be used to acquire a wider view of network traffic
] ] problems.
]
] I'm being recruited to work on this project.

So this is the infrastructure. It's interesting, but not working at an ISP, I don't really have a space to play with it. Are there any papers with results produced using the tools?
RE: SiLK: System for Internet-Level Knowledge by bucy at 12:05 pm EDT, Apr 5, 2004

Decius wrote:
] bucy wrote:
] ] ] SiLK, the System for Internet-Level Knowledge, is a
] ] ] collection of netflow tools developed by the CERT/AC to
] ] ] facilitate security analysis in large networks. SiLK
] ] ] consists of a suite of tools which collect and examine
] ] ] netflow data, allowing analysts to rapidly query large
] ] ] sets of data. SiLK was explicitly designed with a
] ] ] tradeoff in mind: while traffic summaries do not provide
] ] ] packet-by-packet (in particular, payload) information,
] ] ] they are also considerably more compact and consequently
] ] ] can be used to acquire a wider view of network traffic
] ] ] problems.
] ]
] ] I'm being recruited to work on this project.
]
] So this is the infrastructure. It's interesting, but not
] working at an ISP, I don't really have a space to play with it.
] Are there any papers with results produced using the tools?

I think they submitted to USENIX Security ... I'll have to see.