Publication details

Flow Based Security Awareness Framework for High-Speed Networks

Authors

ČELEDA Pavel, REHÁK Martin, KRMÍČEK Vojtěch, BARTOŠ Karel

Year of publication: 2009
Type: Article in Proceedings
Conference: Security and Protection of Information 2009
MU Faculty or unit: Institute of Computer Science

Field: Informatics
Keywords: intrusion detection; network behavior analysis; anomaly detection; NetFlow; CAMNEP; FlowMon; Conficker
Description: It is a difficult task for network administrators and security engineers to maintain network security awareness amid the daily barrage of network scans, spamming hosts, zero-day attacks and malicious network users hidden in the huge traffic volumes crossing the internet. Advanced surveillance techniques are necessary to provide near real-time awareness of threats, external/internal attacks and system misuse. Our paper describes a security awareness framework targeted at high-speed networks. We use several anomaly detection algorithms based on network behavioral analysis to classify legitimate and malicious traffic. Compared with signature-based methods, network behavioral analysis allows us to recognize unknown or zero-day attacks.