CANINE: A NetFlows Converter/Anonymizer Tool for Format Interoperability and Secure Sharing (White Paper)

September 20, 2005 • White Paper

By

Katherine Luo (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign), Adam Slagell (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), William Yurcik (National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign), and Yifan Li (National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign)

In this paper, the authors introduce a tool to address two problems with using Net-Flow logs for security analysis.

Publisher

Software Engineering Institute

Topic or Tag

Abstract

We created a tool to address two problems with using Net-Flows logs for security analysis: (1) NetFlows come in multiple, incompatible formats, and (2) the sensitivity of Net-Flow logs can hinder the sharing of these logs. We call the NetFlow converter and anonymizer that we created to address these problems CANINE: Converter and Anonymizer for Investigating Netflow Events). This paper demonstrates the use of CANINE in detail.

Software Engineering Institute