The CINBAD project is now focusing on providing enhancements for
CERN Network Monitoring. These new improvements will facilitate
day-to-day operations and the diagnosis of network problems, and
extend the understanding of the network evolution and design.

The CINBAD team is currently working on a
visualisation model of this information, and a promising
prototype has already been presented. At the same time, the team
has been collecting around 100 GB of data per day from the CERN
network and is analysing it, searching for different anomalies.
Both the statistical and the pattern-matching anomaly detection
approaches used by the CINBAD team have led to the discovery of a
number of misbehaviours, including Conficker worm infections,
spammers and non-legitimate network scans.

In the coming weeks we can expect a more
complete toolkit for network operation and troubleshooting as
well as a comprehensive report about the anomaly detection
techniques investigated by the CINBAD team. More
details about current achievements and activities are available
in recent publications.

In September the CINBAD team presented a poster at the 12th
International Symposium on Recent Advances in Intrusion Detection.
The team presented its system for handling sFlow data for anomaly
detection as well as the tools that facilitate network
troubleshooting. The poster abstract is available in the
conference proceedings.

Milosz Hulboj, Ryszard Jurga
CERN openlab