Publication details

Collaborative approach to network behaviour analysis based on hardware-accelerated FlowMon probes

Authors

REHÁK Martin; PĚCHOUČEK Michal; GRILL Martin; BARTOŠ Karel; KRMÍČEK Vojtěch; ČELEDA Pavel

Year of publication 2009
Type Article in Periodical
Magazine / Source International Journal of Electronic Security and Digital Forensics
MU Faculty or unit

Faculty of Informatics

Field Informatics
Keywords hardware acceleration; knowledge fusion; multi-agent intrusion detection; network behaviour analysis; network intrusion detection; network security
Description Network behaviour analysis techniques are designed to detect intrusions and other undesirable behaviour in computer networks by analysing the traffic statistics. We present an efficient framework for integration of anomaly detection algorithms working on the identical input data. This framework is based on a high-speed network traffic acquisition subsystem and on trust modelling, a well-established set of techniques from the multi-agent system field. Trust-based integration of algorithms results in classification with a lower error rate, especially in terms of false positives. The presented system is suitable for both online and offline processing, and introduces a relatively low computational overhead compared to deployment of isolated anomaly detection algorithms.