Netpy: Advanced Network Traffic Monitoring

The paper presents an extension of NetPy, a network traffic visualization tool using NetFlow records. NetPy offers traffic visualization as well as a traffic analysis, which is very useful for the network administrators. NetPy has been re-designed to include a better graphical user interface to make the application easier to use and to present the information in the best way possible. The new version also improves the former analysis modules and offers new ways for the administrator to monitor and control events in the network, such as a comparative analysis. The application also integrates a new advanced intrusion detection module. The attacks that this module is able to detect will be presented, as well as the methods used. The denial of service, PortScan and custom defined attacks, based on the number of connections, the number of packets or the payload between hosts can be detected with a very good accuracy. The new NetPy version has been developed by a team from Politehnica University of Bucharest in collaboration with the department of Computer Science of the University of Wisconsin-Madison U.S.A.