search menu icon-carat-right cmu-wordmark

IPFIX/PSAMP: What Future Standards Can Offer to Network Security (White Paper)

White Paper
In this paper, the authors show how IPFIX and PSAMP can be used to support network security.

Software Engineering Institute


Network security often requires the surveillance of the actual traffic in the network. Methods like signature-based attack detection or the detection of traffic anomalies require input from network measurements. The IETF currently standardizes the IP Flow Information Export (IPFIX) protocol for exporting flow information from routers and probes. The packet sampling (PSAMP) group extends the information model of IPFIX with the ability to report per packet information including parts of the payload. With this IPFIX and PSAMP provide valuable tools for detecting anomalies and security incidents in IP networks. Whereas the basic IPFIX and PSAMP documents are currently finalized, new drafts emerge that provide recommendations and IPFIX extensions. This paper shows how IPFIX and PSAMP can be used to support network security. Furthermore it is shown which extensions are useful and can provide further features for network security.

Part of a Collection

FloCon 2006 Collection

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.