terena networking conference 2010


geant Anomaly detection in backbone networks: building a security service upon an innovative tool

We report the experience of DANTE in cross comparing, deploying and tuning tools for achieving network-wide visibility and control of the malicious traffic transiting the G√ČANT network. This work is innovative because it is based purely on NetFlow and routing data, without any dedicated probes at each ingress link. The service that we envisage delivering via the tool we selected and deployed (NetReflex) will take the form of a punctual reporting of security incidents to the origin and/or target networks, so that coordinated actions can be taken to mitigate the anomalies (if still ongoing) or eradicate the causes.



  • Wayne Routly, Maurizio Molina - (DANTE)
  • Ignasi Paredes-Oliva - Universitat Polit√®cnica de Catalunya (UPC)
  • Ashish Jain - (Guavus)