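% Nfsight (NetFlow processing/visualization, intrusion detection), cleaned export.
% Changes: the malformed month value "2010///" was dropped (year is kept),
% extraction hyphenation in the abstract was repaired, and author names were
% normalized to "Last, First" form. No booktitle is given in the original
% record, so none is supplied here; add it from the proceedings when known.
% The url is kept exactly as exported (plain http); confirm an https
% equivalent resolves before switching the scheme.
@inproceedings{18641,
  author   = {Berthier, R. and Cukier, Michel and Hiltunen, M. and Kormann, D. and Vesonder, G. and Sheleheda, D.},
  title    = {{Nfsight}: {NetFlow}-based network awareness tool},
  year     = {2010},
  url      = {http://www.usenix.org/event/lisa10/tech/full_papers/Berthier.pdf},
  abstract = {Network awareness is highly critical for network and security administrators. It enables informed planning and management of network resources, as well as detection and a comprehensive understanding of malicious activity. It requires a set of tools to efficiently collect, process, and represent network data. While many such tools already exist, there is no flexible and practical solution for visualizing network activity at various granularities, and quickly gaining insights about the status of network assets. To address this issue, we developed Nfsight, a NetFlow processing and visualization application designed to offer a comprehensive network awareness solution. Nfsight constructs bidirectional flows out of the unidirectional NetFlow flows and leverages these bidirectional flows to provide client/server identification and intrusion detection capabilities. We present in this paper the internal architecture of Nfsight, the evaluation of the service, and intrusion detection algorithms. We illustrate the contributions of Nfsight through several case studies conducted by security administrators on a large university network.},
}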