Published in: Wireless Personal Communications 3/2017

10-09-2015

Event Driven Network Topology Discovery and Inventory Listing Using REAMS

Authors: Amir Azodi, Feng Cheng, Christoph Meinel


Abstract

Network Topology Discovery and Inventory Listing are two of the primary features of modern network monitoring systems (NMS). Current NMSs rely heavily on active scanning techniques for discovering and mapping network information. Although this approach works, it introduces major drawbacks, notably the performance impact it can impose, especially in larger network environments. As a consequence, scans are often run less frequently, which can result in stale information being presented and used by the network monitoring system. Alternatively, some NMSs rely on agents deployed on the hosts they monitor. In this article, we present a new approach to Network Topology Discovery and Network Inventory Listing using only passive monitoring and scanning techniques. The proposed techniques rely solely on the event logs produced by the hosts and network devices present within a network. Finally, we discuss some of the advantages and disadvantages of our approach.


Footnotes
1. Wrapper is defined as an event format that encapsulates the original event, e.g. GELF [15]. Header is the portion of the event that is common across all events of a particular format, e.g. the Syslog [16] header. Message is the core information that is to be persisted using the event, e.g. "user x logged into system y".
2. IP address ranges are shown to reduce the size of the graph.
3. Some ports and hosts were omitted due to size constraints.
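The abstract describes discovering hosts and their relationships purely from the event logs that hosts and network devices already emit, and footnote 1 splits each event into a wrapper, a header and a message. The following is an added example, not the paper's REAMS code, showing both ideas end to end in Python: it peels a GELF wrapper and an RFC 5424 syslog header off each event, then mines the message with a few patterns loosely modelled on ISC dhcpd DHCPACK lines, BIND query logging and Cisco ASA 302013 "Built ... connection" messages to populate an inventory (IP, MAC, names, zones, observed services) and a set of topology edges. The sample events, hostnames, addresses and the exact log wording are constructed for the example; the patterns are deliberately simplified and would need widening for real deployments.

```python
"""Passive inventory and topology extraction from event logs (added example)."""
import json
import re
from collections import defaultdict

# Constructed sample events (not from the paper): one GELF-wrapped event plus
# three raw RFC 5424 syslog lines, loosely modelled on ISC dhcpd, BIND query
# logging and Cisco ASA 302013 (connection built) messages.
SAMPLE_EVENTS = [
    json.dumps({"version": "1.1", "host": "dhcp1.example.test",
                "short_message": "<30>1 2015-05-10T12:00:00Z dhcp1 dhcpd - - - "
                "DHCPACK on 10.0.1.20 to 00:11:22:33:44:55 (ws-alice) via eth0"}),
    "<30>1 2015-05-10T12:00:01Z dhcp1 dhcpd - - - "
    "DHCPACK on 10.0.1.21 to 00:11:22:33:44:66 (ws-bob) via eth0",
    "<30>1 2015-05-10T12:00:02Z ns1 named - - - "
    "client 10.0.1.20#53211: query: fileserver.example.test IN A + (10.0.2.53)",
    "<166>1 2015-05-10T12:00:03Z fw1 asa - - - %ASA-6-302013: Built outbound TCP "
    "connection 4711 for inside:10.0.1.20/50123 (10.0.1.20/50123) "
    "to dmz:10.0.2.10/445 (10.0.2.10/445)",
]

# Header layer: RFC 5424 syslog header (PRI, version, timestamp, host, app, ...).
SYSLOG_HDR = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) (?P<msg>.*)$")

# Message layer: each pattern yields facts a passive NMS can learn from one line.
DHCPACK = re.compile(r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})"
                     r"(?: \((?P<name>[^)]*)\))? via (?P<iface>\S+)")
DNSQUERY = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN "
                      r"(?P<qtype>\S+) \S+ \((?P<nsip>[\d.]+)\)")
ASA_BUILT = re.compile(
    r"%ASA-\d-30201[35]: Built (?:inbound|outbound) (?P<proto>TCP|UDP) connection "
    r"\d+ for (?P<szone>\w+):(?P<sip>[\d.]+)/\d+ \(\S+\) "
    r"to (?P<dzone>\w+):(?P<dip>[\d.]+)/(?P<dport>\d+)")


def parse_event(raw):
    """Split one event into the wrapper / header / message layers of footnote 1."""
    wrapper = None
    if raw.lstrip().startswith("{"):           # GELF wrapper is a JSON object
        wrapper = json.loads(raw)
        raw = wrapper.get("full_message") or wrapper["short_message"]
    m = SYSLOG_HDR.match(raw)
    if not m:                                  # no recognised header: all message
        return {"wrapper": wrapper, "header": None, "message": raw}
    header = {k: m.group(k) for k in ("pri", "ts", "host", "app")}
    header["facility"], header["severity"] = divmod(int(header["pri"]), 8)
    return {"wrapper": wrapper, "header": header, "message": m.group("msg")}


def _new_host():
    return {"names": set(), "macs": set(), "zones": set(),
            "services": set(), "seen_by": set()}


def build_inventory(events):
    """Return (hosts, edges): hosts keyed by IP; edges as (src, dst, proto, port/iface)."""
    hosts = defaultdict(_new_host)
    edges = set()
    for raw in events:
        ev = parse_event(raw)
        msg, hdr = ev["message"], ev["header"] or {}
        reporter = hdr.get("host", "unknown")   # device that logged the event
        if m := DHCPACK.search(msg):
            h = hosts[m["ip"]]
            h["macs"].add(m["mac"])
            h["seen_by"].add(reporter)
            if m["name"]:
                h["names"].add(m["name"])
            # A lease answered on interface X puts the client in that broadcast domain.
            edges.add((m["ip"], reporter, "L2", m["iface"]))
        elif m := DNSQUERY.search(msg):
            hosts[m["ip"]]["seen_by"].add(reporter)
            ns = hosts[m["nsip"]]               # resolver's listening address
            ns["names"].add(reporter)
            ns["services"].add(("DNS", 53))
            edges.add((m["ip"], m["nsip"], "DNS", 53))
        elif m := ASA_BUILT.search(msg):
            for ip, zone in ((m["sip"], m["szone"]), (m["dip"], m["dzone"])):
                hosts[ip]["zones"].add(zone)
                hosts[ip]["seen_by"].add(reporter)
            hosts[m["dip"]]["services"].add((m["proto"], int(m["dport"])))
            edges.add((m["sip"], m["dip"], m["proto"], int(m["dport"])))
    return dict(hosts), edges


if __name__ == "__main__":
    inventory, links = build_inventory(SAMPLE_EVENTS)
    for ip, facts in sorted(inventory.items()):
        print(ip, {k: sorted(v) for k, v in facts.items()})
    for link in sorted(links, key=str):
        print("edge", link)
```

Two caveats follow directly from the approach. A host that never triggers a log line (no lease, no lookup, no connection through a logging firewall) stays invisible, which is the trade-off against active scanning; and every field here is attacker-influenced input, since anyone able to inject a syslog line at the collector can plant a phantom host or service, so restrict which sources may feed the inventory and keep the timestamp of each observation so stale facts can age out.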
 
Literature
1. Bondi, A. B. (1998). Network management system with improved node discovery and monitoring. US Patent 5,710,885, January 20.
2. Deb, B., Bhatnagar, S., & Nath, B. (2002). A topology discovery algorithm for sensor networks with applications to network management.
3. Case, J., Fedor, M., Schoffstall, M., & Davin, C. (1989). A simple network management protocol (SNMP).
4. Reid, D., & Blizzard, S. (2006). Standards-based secure management of networks, systems, applications and services using SNMPv3 and HP OpenView. Accessed 11 May 2015.
5. Nagios Enterprises. (2014). Nagios XI: The industry standard in IT infrastructure monitoring.
6. Danalis, A. G., & Dovrolis, C. (2003). ANEMOS: An autonomous network monitoring system. PhD thesis, University of Delaware.
7. Basa, S., & Ganji, N. (2008). Enhanced NMS tool architecture for discovery and monitoring of nodes. Master thesis, Computer Science, Thesis No. MCS-2008-15, January 2008.
8. Azodi, A., Jaeger, D., Cheng, F., & Meinel, C. (2013). A new approach to building a multi-tier direct access knowledge base for IDS/SIEM systems. In Proceedings of the 11th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2013), Chengdu, China.
9. Barnard, R. L. (1988). Intrusion detection systems. Houston: Gulf Professional Publishing.
10. Azodi, A., Jaeger, D., Cheng, F., & Meinel, C. (2013). Pushing the limits in event normalisation to improve attack detection in IDS/SIEM systems. In Proceedings of the First International Conference on Advanced Cloud and Big Data (CBD2013), Nanjing, China.
11. Elastic Company. Logstash. Accessed 20 May 2015.
15. TORCH GmbH. (2013). Graylog Extended Log Format (version 1.1). Web site, November.
16. Gerhards, R. (2009). The syslog protocol. RFC 5424 (Proposed Standard).
17. Cisco Systems, Inc. (2014). Cisco Systems, Inc. Accessed 10 May 2015.
18. Cisco Systems, Inc. (2014). Cisco Adaptive Security Appliance (ASA) Software. Accessed 10 May 2015.
19. Rekhter, Y., & Li, T. (1994). Open Systems Interconnection: Model and Notation. Technical report X.200, Telecommunication Standardization Sector of ITU.
20. Droms, R. (1997). Dynamic host configuration protocol. RFC 2131, RFC Editor.
21. Mockapetris, P. (1987). Domain names: Implementation and specification. RFC 1035, RFC Editor.
22. Postel, J., & Reynolds, J. K. (1985). File transfer protocol (FTP). RFC 959, RFC Editor.
23. The DNS-BH project. (2014). Malware prevention through domain blocking (black hole DNS sinkhole). Accessed 11 May 2015.
24. Insecure.Org. (2014). Nmap security scanner. Accessed 14 May 2015.
Metadata
Title: Event Driven Network Topology Discovery and Inventory Listing Using REAMS
Authors: Amir Azodi, Feng Cheng, Christoph Meinel
Publication date: 10-09-2015
Publisher: Springer US
Published in: Wireless Personal Communications, Issue 3/2017
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-015-3061-3