HISTORY – HIgh Speed neTwork mOnitoRing and analYsis

The aim of this project is to build an architecture, methods, and tools for distributed network analysis. The HISTORY analysis environment makes it possible to collect information about network traffic and its behavior in distributed high-speed network environments. The use of standardized protocols (IETF IPFIX, PSAMP, and NSIS) results in an extensible architecture. A main objective is to develop methodologies for handling large volumes of statistics and packet data even with cheap low-end components. Visualization techniques and anonymization methods round off the picture of a visionary environment for all network monitoring and analysis challenges. The developed tools will be available under an open source license.

Research Goals and Objectives

  • Cooperative autonomous entities with distributed functioning
  • Emergent behavior through adaptive self-organization
  • Operation in high-speed networks while utilizing standard PC components
  • Wide application range from accounting and charging up to traffic engineering and intrusion detection
  • Anonymization techniques for wide applicability

  • Project Period: 2003-09-01 - 2010-06-30

Project Members

  • PD Dr.-Ing. habil. Falko Dressler
  • Dipl. Inf. Ali Fessi (Tübingen)
  • Dipl. Inf. Andreas Klenk (Tübingen)
  • Dipl. Inf. Gerhard Münz (Tübingen)
  • Dipl.-Inf. Isabel Dietrich
  • Dipl.-Inf. Tobias Limmer
  • Dipl.-Inf. Christoph Sommer

Sponsored by

  • EU (European Commission)
  • BMBF
  • BSI

Involved institutions

Publications

  1. Falko Dressler, Wolfgang Jaegers and Reinhard German, "Flow-based Worm Detection using Correlated Honeypot Logs," Proc. of 15. GI/ITG Fachtagung Kommunikation in Verteilten Systemen, Bern, Switzerland, pp. 181-186, February 2007
  2. Falko Dressler and Gerhard Münz, "Flexible Flow Aggregation for Adaptive Network Monitoring," Proc. of 31st IEEE Conference on Local Computer Networks: 1st IEEE LCN Workshop on Network Measurements, Tampa, Florida, USA, pp. 702-709, November 2006
  3. Jochen Kaiser, Alexander Vitzthum, Peter Holleczek and Falko Dressler, "Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software," Proc. of GI SIDAR International Conference on IT-Incident Management & IT-Forensics, Berlin, Stuttgart, Germany, pp. 92-103, October 2006
  4. Ronny T. Lampert, Christoph Sommer, Gerhard Münz and Falko Dressler, "Vermont - A Versatile Monitoring Toolkit Using IPFIX/PSAMP," Proc. of IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, Tübingen, Germany, pp. 62-65, September 2006
  5. Gerhard Münz, Albert Antony, Falko Dressler and Georg Carle, "Using Netconf for Configuring Monitoring Probes," Proc. of 10th IFIP/IEEE Network Operations & Management Symposium, Vancouver, Canada, April 2006
  6. Falko Dressler, "Policy-based traffic generation for IP-based networks," Proc. of 25th IEEE Conference on Computer Communications, Barcelona, Spain, April 2006
  7. Fabian Haibl and Falko Dressler, "Anonymization of Measurement and Monitoring Data: Requirements and Solutions," in Praxis der Informationsverarbeitung und Kommunikation (PIK) vol. 29 (4), pp. 208-213, 2006  
  8. Falko Dressler, "Adaptive network monitoring for self-organizing network security mechanisms," Proc. of IFIP International Conference on Telecommunication Systems, Modeling and Analysis 2005, Dallas, TX, USA, pp. 67-75, November 2005
  9. Falko Dressler and Georg Carle, "HISTORY - High Speed Network Monitoring and Analysis," Proc. of 24th IEEE Conf. on Computer Communications, Miami, FL, USA, March 2005
  10. Falko Dressler, Gerhard Münz and Georg Carle, "CATS - Cooperating Autonomous Detection Systems," 1st IFIP TC6 WG6.6 International Workshop on Autonomic Communication, Berlin, Germany, 10