ipfix-5----Page:3
1 2 3 4 5 6 7 8 9 10 11 12
|
Application Examples Accounting and charging Monitoring and accounting for charging applications requires to save information about each individual end system. Further information about each particular flow is not required. Therefore, aggregation rules are appropriate if the address of the end system is retained. Intrusion detection If monitoring is employed for further analysis in terms of intrusion detection, i.e. anomaly detection, rule-based intrusion detection, etc, information about used protocols at transport layer as well as at application layer are mostly required. On the other hand, the analysis will typically work on the basis of sub-networks instead of single hosts because of the amount of data to process. Information about the traffic between individual end systems is required if suspicious transmissions were already detected. |