
NANOG Meeting Presentation Abstract

NOBAD: Network-Oriented Basic Anomaly Detection
Meeting: NANOG23
Date / Time: 2001-10-22 1:30pm - 1:45pm
Room: OCC East
Presenters:

Jonas M. Luster, d-fensive.com

Dr. Jonas Luster is co-founder and CIO of d-fensive networks, Inc., a security consulting company focusing on risk analysis and mitigation in large-scale networks. He claims not to be a technical person, having graduated as a criminologist and not in CS, but contributes to a few open source projects as a programmer and designer.
Abstract: The goal of this presentation will be to introduce NOBAD, the Network Oriented Basic Anomaly Detection Infrastructure. NOBAD, a volunteer effort, aims to provide a means of distributed network performance and anomaly measurements to quickly detect network problems. These could include line saturation or CPU spikes, which might be signs of denial of service attacks or technical problems. NOBAD consists of a number of sensors deployed throughout the network and a smaller number (where 'number' is an arbitrary amount from one to n) of so-called aggregators to collect data and react accordingly.



NOBAD is currently in use at a large network infrastructure provider and has been tested in governmental environments as well. Its distributed nature and the openness of its code and underlying mechanisms and protocols provide the needed vendor independence for homogenous networks. This presentation will focus on both technical background and possible use cases.



NOBAD, as a volunteer effort, is available as Open Source and can be used under the terms of the 'BSD Public License,' which permits inclusion in commercial products. A stable release is planned for the weekend prior to NANOG 23.



The technical background section of the talk will include details of sensor and aggregator implementation, and will address current problems with homogenous networks.



The use case presentation will cover current implementations, advantages of NOBAD compared to static log file analyzers such as swatch, and a view into the future of distributed anomaly detection.
Files: Jonas Luster Presentation (PPT)
Video: NOBAD: Network-Oriented Basic Anomaly Detection (YouTube)
Sponsors: None.
