att_abstract={Network awareness is highly critical for network and security administrators. It enables informed planning and management of network resources, as well as detection and a comprehensive understanding of malicious activity. It requires a set of tools to efficiently collect, process and represent network data. While many such tools already exist, there is a lack of a flexible and practical solution to visualize network activity at various granularities, and to quickly gain insights about the status of network assets. To address this issue, we developed Nfsight, a Netflow processing and visualization application designed to offer a comprehensive network awareness solution. Nfsight leverages the use of bidirectional flows to provide client/server identification and intrusion detection capabilities. We present in this paper the internal architecture of Nfsight, the evaluation of the service and intrusion detection algorithms. We illustrate the contributions of Nfsight through several case studies conducted by security administrators on a large campus network.},
	att_authors={mh7921, dk3239, gv2957, ds7683},
	att_categories={C_NSS.9, C_NSS.3},
	att_copyright_notice={The definitive version was published in LISA '10, 2010-11-07.},
	author={Robin Berthier AND Michel Cukier AND Matti Hiltunen AND David Kormann AND Gregory Vesonder AND Daniel Sheleheda},
	booktitle={Proceedings of the 24th Large Installation System Administration Conference (LISA '10)},
	institution={{24th Large Installation System Administration Conference (USENIX LISA)}},
	title={{Nfsight: NetFlow-based Network Awareness Tool}},