LOBSTER: A European platform for passive network traffic monitoring

Demetris Antoniades; Michalis Polychronakis; Antonis Papadogiannakis; Panagiotis Trimintzios; Sven Ubik; Vladimir Smotlacha

doi:10.4108/tridentcom.2008.3153

LOBSTER: A European platform for passive network traffic monitoring

Demetris Antoniades
, Michalis Polychronakis
, Antonis Papadogiannakis
, Panagiotis Trimintzios
, Sven Ubik
, Vladimir Smotlacha

Computer Science

Foundation for Research and Technology-Hellas
ENISA
CESNET

Research output: Contribution to conference › Paper › peer-review

9 Scopus citations

Abstract

Over the past few years we have been witnessing a large number of new programs and applications which generate prolific amounts of questionable, if not illegal, traffic that dominates our networks. Hoping from one port to another and using sophisticated encoding mechanisms, such applications have managed to evade traditional monitoring tools and confuse system administrators. In this paper we present a concerted European effort to improve our understanding of the Internet through the LOBSTER passive network traffic monitoring infrastructure. By capitalizing on a novel Distributed Monitoring Application Programming Interface which enables the creation of sophisticated applications on top of commodity hardware, LOBSTER empowers a large number of researchers and system administrators into reaching a better understanding of the kind of traffic that flows through their networks. We have been running LOBSTER for more than a year now and we have deployed close to forty sensors in twelve countries in three continents. Using LOBSTER sensors •; we have captured more than 600,000 sophisticated cyberat-tacks which attempted to masquerade themselves using advanced polymorphic approaches •; we have monitored the traffic of entire NRENs making it possible to identify the magnitude (as well as the sources) of file-sharing (peer to peer) traffic.

Original language	English
DOIs	https://doi.org/10.4108/tridentcom.2008.3153
State	Published - 2008
Event	4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008 - Innsbruck, Austria Duration: Mar 17 2008 → Mar 20 2008

Conference

Conference	4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008
Country/Territory	Austria
City	Innsbruck
Period	03/17/08 → 03/20/08

Keywords

Distributed monitoring
Netork monitoring
Security
Traffic classification

Access to Document

10.4108/tridentcom.2008.3153

Cite this

Antoniades, D., Polychronakis, M., Papadogiannakis, A., Trimintzios, P., Ubik, S., & Smotlacha, V. (2008). LOBSTER: A European platform for passive network traffic monitoring. Paper presented at 4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008, Innsbruck, Austria. https://doi.org/10.4108/tridentcom.2008.3153

@conference{06eab043295b4ca5a9c8468faf836a57,

title = "LOBSTER: A European platform for passive network traffic monitoring",

abstract = "Over the past few years we have been witnessing a large number of new programs and applications which generate prolific amounts of questionable, if not illegal, traffic that dominates our networks. Hoping from one port to another and using sophisticated encoding mechanisms, such applications have managed to evade traditional monitoring tools and confuse system administrators. In this paper we present a concerted European effort to improve our understanding of the Internet through the LOBSTER passive network traffic monitoring infrastructure. By capitalizing on a novel Distributed Monitoring Application Programming Interface which enables the creation of sophisticated applications on top of commodity hardware, LOBSTER empowers a large number of researchers and system administrators into reaching a better understanding of the kind of traffic that flows through their networks. We have been running LOBSTER for more than a year now and we have deployed close to forty sensors in twelve countries in three continents. Using LOBSTER sensors •; we have captured more than 600,000 sophisticated cyberat-tacks which attempted to masquerade themselves using advanced polymorphic approaches •; we have monitored the traffic of entire NRENs making it possible to identify the magnitude (as well as the sources) of file-sharing (peer to peer) traffic.",

keywords = "Distributed monitoring, Netork monitoring, Security, Traffic classification",

author = "Demetris Antoniades and Michalis Polychronakis and Antonis Papadogiannakis and Panagiotis Trimintzios and Sven Ubik and Vladimir Smotlacha",

year = "2008",

doi = "10.4108/tridentcom.2008.3153",

language = "English",

note = "4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008 ; Conference date: 17-03-2008 Through 20-03-2008",

}

Antoniades, D, Polychronakis, M, Papadogiannakis, A, Trimintzios, P, Ubik, S & Smotlacha, V 2008, 'LOBSTER: A European platform for passive network traffic monitoring', Paper presented at 4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008, Innsbruck, Austria, 03/17/08 - 03/20/08. https://doi.org/10.4108/tridentcom.2008.3153

LOBSTER: A European platform for passive network traffic monitoring. / Antoniades, Demetris; Polychronakis, Michalis; Papadogiannakis, Antonis et al.
2008. Paper presented at 4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008, Innsbruck, Austria.

Research output: Contribution to conference › Paper › peer-review

TY - CONF

T1 - LOBSTER

T2 - 4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008

AU - Antoniades, Demetris

AU - Polychronakis, Michalis

AU - Papadogiannakis, Antonis

AU - Trimintzios, Panagiotis

AU - Ubik, Sven

AU - Smotlacha, Vladimir

PY - 2008

Y1 - 2008

N2 - Over the past few years we have been witnessing a large number of new programs and applications which generate prolific amounts of questionable, if not illegal, traffic that dominates our networks. Hoping from one port to another and using sophisticated encoding mechanisms, such applications have managed to evade traditional monitoring tools and confuse system administrators. In this paper we present a concerted European effort to improve our understanding of the Internet through the LOBSTER passive network traffic monitoring infrastructure. By capitalizing on a novel Distributed Monitoring Application Programming Interface which enables the creation of sophisticated applications on top of commodity hardware, LOBSTER empowers a large number of researchers and system administrators into reaching a better understanding of the kind of traffic that flows through their networks. We have been running LOBSTER for more than a year now and we have deployed close to forty sensors in twelve countries in three continents. Using LOBSTER sensors •; we have captured more than 600,000 sophisticated cyberat-tacks which attempted to masquerade themselves using advanced polymorphic approaches •; we have monitored the traffic of entire NRENs making it possible to identify the magnitude (as well as the sources) of file-sharing (peer to peer) traffic.

AB - Over the past few years we have been witnessing a large number of new programs and applications which generate prolific amounts of questionable, if not illegal, traffic that dominates our networks. Hoping from one port to another and using sophisticated encoding mechanisms, such applications have managed to evade traditional monitoring tools and confuse system administrators. In this paper we present a concerted European effort to improve our understanding of the Internet through the LOBSTER passive network traffic monitoring infrastructure. By capitalizing on a novel Distributed Monitoring Application Programming Interface which enables the creation of sophisticated applications on top of commodity hardware, LOBSTER empowers a large number of researchers and system administrators into reaching a better understanding of the kind of traffic that flows through their networks. We have been running LOBSTER for more than a year now and we have deployed close to forty sensors in twelve countries in three continents. Using LOBSTER sensors •; we have captured more than 600,000 sophisticated cyberat-tacks which attempted to masquerade themselves using advanced polymorphic approaches •; we have monitored the traffic of entire NRENs making it possible to identify the magnitude (as well as the sources) of file-sharing (peer to peer) traffic.

KW - Distributed monitoring

KW - Netork monitoring

KW - Security

KW - Traffic classification

UR - https://www.scopus.com/pages/publications/84898652808

U2 - 10.4108/tridentcom.2008.3153

DO - 10.4108/tridentcom.2008.3153

M3 - Paper

AN - SCOPUS:84898652808

Y2 - 17 March 2008 through 20 March 2008

ER -

Antoniades D, Polychronakis M, Papadogiannakis A, Trimintzios P, Ubik S, Smotlacha V. LOBSTER: A European platform for passive network traffic monitoring. 2008. Paper presented at 4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TRIDENTCOM 2008, Innsbruck, Austria. doi: 10.4108/tridentcom.2008.3153

LOBSTER: A European platform for passive network traffic monitoring

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this