HISTORY - HIgh Speed neTwork mOnitoRing and analYsis
A research project by
Network Architectures and Services, Technische Universität München  &  Computer Networks and Communication Systems, University of Erlangen

Publications:

[1] Gerhard Münz, Benoit Claise, and Paul Aitken. Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols. RFC 6728, October 2012. [ http ]
[2] Thomas Kothmayr, Corinna Schmitt, Wen Hu, Michael Bruenig, and Georg Carle. A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication. In Seventh IEEE International Workshop on Practical Issues in Building Sensor Network Applications (SenseApp), Clearwater (FL), USA, October 2012.
[3] Thomas Dietz, Atsushi Kobayashi, Benoit Claise, and Gerhard Münz. Definitions of managed objects for IP flow information export. RFC 6615 (Obsoletes RFC 5815), June 2012. [ http ]
[4] Benoit Claise, Paul Aitken, Andrew Johnson, and Gerhard Münz. IP Flow Information Export (IPFIX) Per Stream Control Transmission Protocol (SCTP) Stream. RFC 6526, March 2012. [ http ]
[5] Thomas Kothmayr, Wen Hu, Corinna Schmitt, Michael Brünig, and Georg Carle. Securing the Internet of Things with DTLS. In Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys), Poster Session, Seattle, USA, November 2011.
[6] Lothar Braun, Corinna Schmitt, Benoit Claise, and Georg Carle. Compressed IPFIX for smart meters in constrained networks. Internet-Draft (work in progress), draft-braun-core-compressed-ipfix-03.txt, September 2011. [ http ]
[7] Atsushi Kobayashi, Benoit Claise, Gerhard Münz, and Keisuke Ishibashi. IP Flow Information (IPFIX) Mediation: Framework. RFC 6183, April 2011. [ .html ]
[8] Daniel Mentz, Gerhard Münz, and Lothar Braun. Recommendations for Implementing IPFIX over DTLS. Internet-Draft (work in progress), draft-mentz-ipfix-dtls-recommendations-02, March 2011. [ http ]
[9] Lothar Braun, Gerhard Münz, and Georg Carle. Packet Sampling for Worm and Botnet Detection in TCP Connections. In Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS) 2010, Osaka, Japan, April 2010. [ .pdf ]
[10] Thomas Dietz, Atsushi Kobayashi, Benoit Claise, and Gerhard Münz. Definitions of managed objects for IP flow information export. RFC 5815, April 2010. [ http ]
[11] Corinna Schmitt, Lothar Braun, Thomas Kothmayr, and Georg Carle. Collecting Sensor Data using Compressed IPFIX. In Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN), Poster Session, Stockholm, Sweden, April 2010.
[12] Thomas Kothmayr, Corinna Schmitt, Lothar Braun, and Georg Carle. Gathering Sensor Data in Home Networks with IPFIX. In Proceedings of the 7th European Conference on Wireless Sensor Networks (EWSN 2010), Coimbra, Portugal, February 2010.
[13] David Eckhoff, Tobias Limmer, and Falko Dressler. Hash Tables for Efficient Flow Monitoring: Vulnerabilities and Countermeasures. In 34th IEEE Conference on Local Computer Networks (LCN): 4th IEEE LCN Workshop on Network Measurements (WNM 2009), Zurich, Switzerland, October 2009. [ .pdf ]
[14] Thomas Dietz, Benoit Claise, Paul Aitken, Falko Dressler, and Georg Carle. Information model for packet sampling exports. RFC 5477, March 2009. [ .html ]
[15] Tobias Limmer and Falko Dressler. Seamless Dynamic Reconfiguration of Flow Meters: Requirements and Solutions. In 16. GI/ITG Fachtagung Kommunikation in Verteilten Systemen (KiVS 2009), pages 179-190, Kassel, Germany, March 2009. [ .pdf ]
[16] Tobias Limmer and Falko Dressler. Flow-based Front Payload Aggregation. In 34th IEEE Conference on Local Computer Networks (LCN): 4th IEEE LCN Workshop on Network Measurements (WNM 2009), Zurich, Switzerland, October 2009. [ .pdf ]
[17] Tobias Limmer and Falko Dressler. Flow-based TCP Connection Analysis. In 28th IEEE International Performance Computing and Communications Conference (IPCCC 2009), 2nd IEEE International Workshop on Information and Data Assurance (WIDA'09), Phoenix, AZ, USA, December 2009. [ .pdf ]
[18] Gerhard Münz and Georg Carle. Application of forecasting techniques and control charts for traffic anomaly detection. In Proceedings of the 19th ITC Specialist Seminar on Network Usage and Traffic, Berlin, Germany, October 2008. [ .pdf ]
[19] Falko Dressler, Christoph Sommer, Gerhard Münz, and Atsushi Kobayashi. IPFIX flow aggregation. Internet-Draft (work in progress), draft-dressler-ipfix-aggregation-05, July 2008. [ http ]
[20] Gerhard Münz and Lothar Braun. Lossless Compression for IP Flow Information Export (IPFIX). Internet-Draft (work in progress), draft-muenz-ipfix-compression-00, July 2008. [ http ]
[21] Christoph Sommer, Falko Dressler, and Gerhard Münz. Mediator-specific extensions to IPFIX protocol and information model. Internet-Draft (work in progress), draft-sommer-ipfix-mediator-ext-01, July 2008. [ http ]
[22] Christoph Sommer, Falko Dressler, and Gerhard Münz. Rich template set extension to the IPFIX protocol. Internet-Draft (work in progress), draft-sommer-ipfix-richtemplate-00, July 2008. [ http ]
[23] Gerhard Münz and Georg Carle. Distributed network analysis using TOPAS and Wireshark. In Proceedings of IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon 2008), Salvador-Bahia, Brazil, April 2008. [ .pdf ]
[24] Gerhard Münz, Nico Weber, and Georg Carle. Signature detection in sampled packets. In Proceedings of Workshop on Monitoring, Attack Detection and Mitigation (MonAM) 2007, Toulouse, France, November 2007. [ .pdf ]
[25] Gerhard Münz, Sa Li, and Georg Carle. Traffic anomaly detection using k-means clustering. In Proceedings of Leistungs-, Zuverlässigkeits- und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 4. GI/ITG-Workshop MMBnet 2007, Hamburg, Germany, September 2007. [ .pdf ]
[26] Gerhard Münz and Georg Carle. Real-time analysis of flow data for network attack detection. In Proceedings of IFIP/IEEE Symposium on Integrated Management (IM) 2007, Munich, Germany, May 2007. [ .pdf ]
[27] Ali Fessi, Georg Carle, Falko Dressler, Jürgen Quittek, Cornelia Cappler, and H. Tschofenig. NSLP for metering configuration signaling. Internet-Draft (work in progress), draft-dressler-nsis-metering-nslp-05.txt, March 2007. [ .txt ]
[28] Ali Fessi, Cornelia Kappler, Chang Fan, Falko Dressler, and Andreas Klenk. Framework for metering NSLP. Internet-Draft (work in progress), draft-fessi-nsis-m-nslp-framework-04.txt, March 2007. [ .txt ]
[29] Fabian Haibl and Falko Dressler. Anonymization of Measurement and Monitoring Data: Requirements and Solutions. Praxis der Informationsverarbeitung und Kommunikation (PIK), 29(4):208-213, December 2006.
[30] Falko Dressler and Gerhard Münz. Flexible flow aggregation for adaptive network monitoring. In Proceedings of IEEE LCN Workshop on Network Measurements 2006, Tampa, Florida, USA, November 2006. [ .pdf ]
[31] Ronny T. Lampert, Christoph Sommer, Gerhard Münz, and Falko Dressler. Vermont - A Versatile Monitoring Toolkit for IPFIX and PSAMP. In Proceedings of Workshop on Monitoring, Attack Detection and Mitigation (MonAM) 2006, Tuebingen, Germany, September 2006. [ .pdf ]
[32] Lothar Braun and Gerhard Münz. Netzbasierte Angriffs- und Anomalieerkennung mit TOPAS. In GI FG SIDAR Graduierten-Workshop über Reaktive Sicherheit (SPRING), SIDAR-Report SR-2006-01, Editor: Ulrich Flegel, Berlin, Germany, July 2006. [ .pdf ]
[33] Falko Dressler. Policy-based traffic generation for IP-based networks. In 25th IEEE Conference on Computer Communications (IEEE INFOCOM 2006), poster session, Barcelona, Spain, April 2006.
[34] Gerhard Münz, Albert Antony, Falko Dressler, and Georg Carle. Using Netconf for configuring monitoring probes. In Proceedings of IEEE/IFIP Network Operations and Management Symposium (NOMS) 2006, Poster Session, Vancouver, Canada, April 2006. [ .pdf | .pdf ]
[35] Falko Dressler and Isabel Dietrich. Simulative analysis of adaptive network monitoring methodologies for attack detection. In Proceedings of IEEE EUROCON 2005 - The International Conference on “Computer as a Tool”, pages 624-627, Belgrade, Serbia and Montenegro, November 2005.
[36] Falko Dressler. Adaptive network monitoring for self-organizing network security mechanisms. In Proceedings of IFIP International Conference on Telecommunication Systems, Modeling and Analysis (ICTSM2005), pages 67-75, Dallas, TX, USA, November 2005.
[37] Ralph Kühne, Uve Reimer, Morton Schläger, Falko Dressler, Changpeng Fan, Ali Fessi, Andreas Klenk, and Georg Carle. Architecture for a Service-oriented and Convergent Charging in 3G mobile Networks and Beyond. In 6th IEE International Conference on 3G & Beyond (3G 2005), London, UK, November 2005. [ .pdf ]
[38] Andreas Klenk, Philipp Schlicker, Ralph Kühne, Ali Fessi, Changpeng Fan, Falko Dressler, and Georg Carle. Path coupled accounting mechanisms for all IP networks. In 6th IEE International Conference on 3G & Beyond (3G 2005), London, UK, November 2005. [ .pdf ]
[39] Falko Dressler, Andreas Klenk, Cornelia Kappler, Ali Fessi, and Georg Carle. Path-coupled signaling for dynamic metering configuration in ip-based networks. In IFIP 2005 Networking and Electronic Commerce Research Conference (NAEC 2005), pages 388-399, Riva del Garda, Italy, October 2005. [ .pdf ]
[40] Uwe Foell, Changpeng Fan, Georg Carle, Falko Dressler, and Mehran Roshandel. Service-oriented accounting and charging for 3G and B3G mobile environments. In 9th IFIP/IEEE International Symposium on Integrated Network Management (IM 2005), Nice, France, May 2005. [ .pdf ]
[41] Falko Dressler and Georg Carle. History - high speed network monitoring and analysis. In 24th IEEE Conference on Computer Communications (IEEE INFOCOM 2005), poster session, Miami, FL, USA, March 2005. [ .pdf ]
[42] Falko Dressler, Gerhard Münz, and Georg Carle. CATS - Cooperating Autonomous Detection Systems. In Proceedings of 1st IFIP International Workshop on Autonomic Communication (WAC) 2004, Poster Session, Berlin, Germany, October 2004. [ .pdf | .pdf ]
[43] F. Dressler, Georg Carle, C. Fan, C. Kappler, and H. Tschofenig. NSLP for accounting configuration signaling, July 2004.

Theses:

[1] Oliver Gasser. Monitoring Command-and-Control Channels with ccSpy. IDP, March 2013.
[2] Cornelius Diekmann. Adaptive Low-Level Packet Sampling for High-Speed Networks. IDP, April 2012.
[3] Alexander Didebulidze. Leistungsbewertung und Verbesserung des Packet-Capturings mit PC-Hardware. Diplomarbeit, April 2010. [ .pdf ]
[4] Kameliya Terzieva. Export von Netzstatusinformationen aus WLAN-Routern mit IPFIX. Bachelorarbeit, February 2010.
[5] Daniel Mentz. Sichere und effiziente Übertragung von Verkehrsmessdaten. Diplomarbeit, January 2010.
[6] David Eckhoff. Untersuchung von Angriffsmodellen und geeigneten Schutzmaßnahmen für Flowmonitore. Diplomarbeit, University of Erlangen-Nuremberg, June 2009.
[7] Stefanie Mika. Evaluation und Implementierung von Überlastschutzmethoden für einen Flowmonitor. Diplomarbeit, University of Erlangen-Nuremberg, November 2008.
[8] Nico Weber. Cluster-Analyse in sequentiellen Daten. Diplomarbeit, University of Tübingen, July 2008.
[9] Lothar Braun. Verkehrscharakterisierung und Wurmerkennung mit gesampelten Paketen. Diplomarbeit, University of Tübingen, May 2008.
[10] Enno Herr. Verkehrsanalyse mit Wavelets. Diplomarbeit, University of Tübingen, April 2008.
[11] Alex Melnik. Zuverlässige Übertragung von Monitoring-Daten mit SCTP. Studienarbeit, University of Tübingen, January 2008.
[12] Peter Baumann. Implementierung einer dynamischen Konfigurationsschnittstelle eines Netzwerküberwachungssystems. Diplomarbeit, University of Erlangen-Nuremberg, November 2007.
[13] Sven Wiebusch. Statische Methoden zur Change-Point-Detection in Flow-Daten. Studienarbeit, University of Tübingen, October 2007.
[14] Dominik Brettnacher. Network Data Mining - Angriffserkennung mit Data-Mining-Methoden. Diplomarbeit, University of Tübingen, September 2007.
[15] Raimondas Sasnauskas. Policy-basierte Verarbeitung und Korrelation von Angriffsmeldungen zur dynamischen Konfiguration eines NIDS. Diplomarbeit, University of Tübingen, May 2007.
[16] Sebastian Steiner. Development of an Express Aggregator for the Monitoring Toolkit Vermont. Studienarbeit, University of Erlangen-Nuremberg, May 2007.
[17] Maximilian Hütter. Konzeption und Implementierung eines Managementsystems zur Konfiguration entfernter Netzwerkmonitore. Diplomarbeit, University of Tübingen, November 2006.
[18] Nico Weber. Erkennung von Würmern in gesampelten Paketen. Studienarbeit, University of Tübingen, November 2006.
[19] Wolfgang Jaegers. Korrelation von Monitoring-Daten und Honeypot-Informationen. Studienarbeit, University of Erlangen-Nuremberg, October 2006.
[20] Jürgen Abberger. Entwurf und Implementierung einer Datenbankschnittstelle für VERMONT. Studienarbeit, University of Tübingen, September 2006.
[21] Lothar Braun. Entwurf und Implementierung eines Systems zu Echtzeitverarbeitung von Flow- und Paketdaten. Studienarbeit, University of Tübingen, September 2006.
[22] Michael Drüing. Konzeption und Implementierung eines Tools zur Aufzeichnung von Datenpaketen und zur statistischen Analyse des Netzwerkverkehrs. Studienarbeit, University of Tübingen, March 2006.
[23] Sa Li. Network Data Mining: Untersuchung und Anwendung von Data-Mining-Methoden zur Verkehrsanalyse. Studienarbeit, University of Tübingen, February 2006.
[24] Mathias Gorski. Simulation und Analyse von DDoS-Angriffen. Studienarbeit, University of Erlangen-Nuremberg, January 2006.
[25] Rodrigo Nebel. Steuerung verteilter Verkehrsgeneratoren. Studienarbeit, University of Erlangen-Nuremberg, December 2005.
[26] Ümer Koyuncu. Untersuchung von Denial-of-Service-Attacken. Studienarbeit, University of Tübingen, November 2005.
[27] Thomas Schurtz. Beschreibung und Analyse von verteilt aufgezeichneten Verkehrsdaten. Diplomarbeit, University of Tübingen, November 2005.
[28] Christoph Sommer. Implementation of a Netflow Concentrator. Studienarbeit, University of Erlangen-Nuremberg, November 2005.
[29] David Halsband. A Honeypot Architecture for Distributed Network Traffic Analysis and Intrusion Detection. Studienarbeit, University of Tübingen, August 2005.
[30] Alexander Lochschmied. Signaling Pathways in Secured Network Environments. Diplomarbeit, University of Erlangen-Nuremberg, July 2005.
[31] Ronny Lampert. Implementierung einer IPFIX/PSAMP Probe. Studienarbeit, University of Erlangen-Nuremberg, June 2005.
[32] Christian Bannes. Konzeption und Implementierung eines Paketgenerators zur kontrollierten Lasterzeugung und Dienstgütemessung im Internet. Studienarbeit, University of Tübingen, May 2005.
[33] Jing Chen. Modellierung und Effizienzbetrachtungen von Monitornetzen für Netzwerksicherheitslösungen. Diplomarbeit, University of Erlangen-Nuremberg, May 2005.
[34] Fabian Haibl. Erstellung einer Funktion zur regelbasierten Anonymisierung von Verbindungsdaten im Internet. Studienarbeit, University of Tübingen, May 2005.
[35] Jan Petranek. Vergleichende Untersuchung von Algorithmen und Mechanismen von Intrusion Detection Systemen (IDS) und prototypische Implementierung im Labornetz. Diplomarbeit, University of Tübingen, May 2005.
[36] Raimondas Sasnauskas. Entwicklung einer Umgebung zur automatisierten, SNMP-basierten Konfiguration von Labornetzen. Studienarbeit, University of Tübingen, April 2005.
[37] Christian Japes. Implementierung eines Analyspakets zur Auswertung von gesammelten Netflow- bzw. Packet-Sampling-Daten. Diplomarbeit, University of Erlangen-Nuremberg, November 2004.
[38] Christian Japes. Konzeption und Implementierung einer Analysefunktion für Netzwerkverkehr im Hochgeschwindigkeitsbereich. Studienarbeit, University of Erlangen-Nuremberg, February 2004.