NEMEA
The NEMEA project (Network Measurements Analysis) aims to create a framework for assembling systems that perform automated real-time analysis of data gathered by network monitoring processes.
Such a system consists of separate building blocks called modules, which are interconnected by interfaces. A module is a separate system process that receives a stream of data on its input interface(s), processes it, and sends another stream of data through its output interface(s). There are modules for data acquisition (e.g. receiving NetFlow/IPFIX records), preprocessing, detection of various types of malicious traffic or anomalies (network attacks, link failure…), postprocessing of detection results, logging and reporting.
The key features of the NEMEA Framework are:
- Modularity and flexibility
- High throughput (>100k flows/s on a single server)
- Stream-wise real-time processing
- Distributability
- Quick and easy implementation of new modules
The NEMEA Framework implements the communication layer, a flexible format called UniRec, and other common tasks.
Get the project
The project is developed on GitHub: https://github.com/CESNET/NEMEA
There are some out-of-the-box instances for experiments in Releases: https://github.com/CESNET/NEMEA/releases
RPM packages are released at Copr: https://copr.fedorainfracloud.org/coprs/g/CESNET/NEMEA/
Further information
More information about this project can be found on the project’s website: http://nemea.liberouter.org
We have a separate mailing list: nemea@cesnet.cz
You can follow us on Twitter: @NEMEA_System