17. – 20. Mai 2009, Dagstuhl Seminar 09211
Visualization and Monitoring of Network Traffic
Auskunft zu diesem Dagstuhl Seminar erteilt
The seamless operation of the Internet requires being able to monitor and visualize the actual behaviour of the network. Today, IP network operators usually collect network flow statistics from critical points of their network infrastructure. Flows aggregate packets that share common properties. Flow records are stored and analyzed to extract accounting information and increasingly to identify and isolate network problems or security incidents. While network problems or attacks significantly changing traffic patterns are relatively easy to identify, it tends to be much more challenging to identify creeping changes or attacks and faults that manifest themselves only by very careful analysis of initially seemingly unrelated traffic pattern and their changes. There are currently no deployable good solutions and research in this area is just starting. In addition, the large volume of flow data on high capacity networks and exchange points requires to move to probabilistic sampling techniques, which require new analysis techniques to calculate and also visualize the uncertainty attached to data sets.
The aim of the seminar is to bring together for the first time people from the networking community and the visualization community in order to explore common grounds in capturing and visualizing network behaviour and to exchange upcoming requirements and novel techniques. The seminar also targets network operators running large IP networks as well as companies building software products for network monitoring and visualization. We believe that bringing experts from two usually separate fields together makes this seminar unique and we expect that the intensive exchange in a Dagstuhl seminar setting has high potential to lead to joint follow-up research.
The following research questions were suggested for discussion:
- What are suitable data analysis and visualization techniques that can operate in real-time and support interactive online operation?
- How can monitoring and visualization techniques be made scalable?
- How can distributed monitoring systems be self-organizing and adapt dynamically to changes in network and service usage?
- How can algorithms aggregate data within the network and trade accuracy of the measurement results against data collection overhead?
- What are suitable sampling techniques and how does sampled data impact data analysis techniques and data visualization?
- Which filtering, zooming, and correlation techniques can be applied in real-time?
- What are good techniques for visualizing unusual traffic patterns or very rare patterns?
- What are effective methods to detect and visualize intrusions, like (distributed) scan attempts and denial of service attacks.
While this item list was helpful as an orientation, not all of the items were actually covered during the seminar. Moreover, other concerns, such as NetFlow storage and retrieval, were emphasized in the presentations and discussions.
The Visualization and Monitoring of Network Traffic seminar was a fertile meeting in which researchers from diverse background met. It included industry and academia, senior and junior researchers, multinational representation, and people coming from several disciplines. This diversity resulted in interesting and useful discussions, new understandings of the fundamental concepts and problems in the field, and in new collaborations on an array of problems which were not well defined or identified prior to this seminar.
Several work groups during the seminar not only generated new insights into specific topics in the field of visual network monitoring, but also initiated ongoing joint work, with group members continuing the work they started at the seminar. The seminar included multiple presentations and discussions. In particular, the largely disjoint research communities Networking and Visualization exchanged their methods and unsolved problems resulting in fruitful discussions and awareness of the respectively other field.
This seminar clearly illustrated the diversity, relevance, and fertility of the topics we presented and discussed. The intensity of the participants' involvement leads us to believe that the interactions fostered by the seminar will generate a lot of follow‐up research, and eventually lead to practical use as well.
- Computer Graphics
- Computer Vision
- Computer Networks
- Monitoring of Networks and Services