Flow Based Security Awareness Framework for High-Speed Networks

Publication details

Authors	ČELEDA Pavel REHÁK Martin KRMÍČEK Vojtěch BARTOŠ Karel
Year of publication	2009
Type	Article in Proceedings
Conference	Security and Protection of Information 2009
MU Faculty or unit	Institute of Computer Science
Citation
Field	Informatics
Keywords	intrusion detection; network behavior analysis; anomaly detection; NetFlow; CAMNEP; FlowMon; Conficker
Description	It is a difficult task for network administrators and security engineers to ensure network security awareness in the daily barrage of network scans, spaming hosts, zero-day attacks and malicious network users hidden in huge traffic volumes crossing the internet. Advanced surveillance techniques are necessary to provide near real-time awareness of threads, external/internal attacks and system misuse. Our paper describes security awareness framework targeted for high-speed networks. We use several anomaly detection algorithms based on network behavioral analysis to classify legitimate and malicious traffic. Using network behavioral analysis in comparison with signature based methods allows us to recognize unknown or zero-day attacks.
Related projects:	CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment Reflective-Cognitive Adaptation for Network Intrusion Detection Systems

10 reasons why you will fall in love with MU