CESNET's Nemea



Functional Components Description

Nemea system consists of separate building blocks called modules which are interconnected by interfaces. A module is a separate system process receiving a stream of data on its input interface(s), processing it, and sending another stream of data through module’s output interfaces(s). There are modules for data acquisition (e.g. receiving NetFlow/IPFIX records), preprocessing, detection of various types of malicious traffic or anomalies (network attacks, link failure…), postprocessing of detection results, logging and reporting.


Services provided

The NEMEA Framework implements the communication layer, flexible format called UniRec and other common tasks. As such when installed it detects network security events in flow data.


Current Usage

Nemea is deployed in CESNET backbone network infrastructure, SWITCH, Casablanca.


Keywords

Flow traffic analysis, network monitoring


Services

  • Modules interconnected by interfaces. A module is a separate system process receiving a stream of data on its input interface(s), processing it, and sending another stream of data through module’s output interfaces(s).

  • Modules for data acquisition (e.g. receiving NetFlow/IPFIX records), preprocessing, detection of various types of malicious traffic or anomalies (network attacks, link failure…), postprocessing of detection results, logging and reporting.

  • Implements the communication layer, flexible format called UniRec and other common tasks.

  • Detects network security events in flow data.


Technical equipment

CESNET network backbone


Use request

Open source