Office of Technology Transfer – University of Michigan

AMON (All-packet MONitor)

Technology #7070

Researchers: Michael Kallitsis

Managed By: Jessica Soulliere, Digital Technologies Licensing Specialist, 734.647.9926

Publications: AMON: An Open Source Architecture for Online Monitoring, Statistical Analysis and Forensics of Multi-gigabit Streams, arXiv:1509.00268, 2015

This technology helps to predict, analyze, and respond to network attacks rapidly. Modern internet infrastructure has several weaknesses that can be exploited by malicious groups or individuals. Distributed denial of service (DDoS) attacks, while relatively simple, can compromise government and business servers, costing hundreds of thousands of dollars. DDoS attacks can even be bought as a service. It is essential to have ways to fight such attacks and improve network security.

Protection through real-time visualization and analytics

This technology helps to identify incipient and ongoing attacks through the analysis and visualization of network traffic data. Using a powerful new platform, the technology is able to scan all incoming packets at up to 25 Gigabytes per second on commodity hardware. It also allows the identification of the sources and scopes of incoming attacks. While some companies provide similar services, this technology offers substantial advantages by allowing real-time visualization of large amounts of data on non-specialized and comparatively cheap hardware.

Applications

  • Internet traffic monitoring
  • Monitoring other two-way communications, such as in power grids and smart vehicles
  • Real-time visualizations of network traffic
  • Network forensics for rapid identification of attack victims and originators
  • Automatic intrusion detection

Advantages

  • Runs on inexpensive, commodity hardware. Orders of magnitude cheaper than existing solutions.
  • Examines all packets within a network stream; no need for packet sampling.
  • Visualization of data makes network anomalies easy to identify.