Flow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow Probes

Authors: Karel Bartoš, Martin Grill, Vojtěch Krmíček, Martin Rehák, Pavel Čeleda

DOI:

Keywords:

Abstract: Current network intrusion detection methods based on anomaly detection approaches suffer from a comparatively higher error rate and low performance. The proposed flow-based intrusion detection system addresses these issues by (i) using hardware-accelerated probes to collect unsampled NetFlow data from gigabit-speed links and (ii) combining several anomaly detection algorithms by means of collective trust modeling, a multi-agent data fusion method. The acquired flow data is preprocessed and passed to the anomaly detection models, which gather independent opinions for each flow. Several trust models aggregate these anomalies with past experience, and the flows are re-evaluated to obtain their trustfulness, which is further aggregated to detect malicious traffic. Experiments performed on-line on a real campus network illustrate the system's suitability for real-time surveillance.
