BotProbe - Botnet Traffic Capture Using IPFIX

Security BSides London via YouTube

Overview

Explore IPFIX and its application in botnet traffic capture through the BotProbe project in this 42-minute Security BSides London conference talk. Delve into the advantages of IPFIX over traditional packet capture methods, including its ability to capture traffic across layers 3-7 of the OSI model and achieve a 97% reduction in traffic volumes. Learn about the history of NetFlow, the development of IPFIX, and how its template extensibility enhances threat detection capabilities. Discover the potential applications of IPFIX in pre-event forensics, legal traffic interception, and improved traffic analysis times. Gain insights into botnet detection algorithms, the comparison between pcap and IPFIX, and the process of adapting capture methods for network big data scenarios.

Syllabus

Introduction
Outline
Background
Packet capture
Mirroring
Three drawbacks
What are the alternatives
NetFlow
How does it work
History lesson
IPFIX
IPFIX template
IPFIX is structured
Botnet detection algorithms
pcap vs IPFIX
Applications of IPFIX
IPFIX exporter
Adapt capture
Network big data
Template extensibility
Collaboration

Taught by

Security BSides London
