NetFlow Based Network Protection

Title in Czech Obrana počítačové sítě s využitím NetFlow


Year of publication 2012
Type Article in proceedings
Conference Proceedings of 7th International ICST Conference on Security and Privacy in Communication Networks
MU Faculty or unit

Faculty of Informatics

Field Informatics
Keywords active network defense; NetFlow; flow monitoring; HAMOC
Description Protecting the network perimeter against adversaries both from inside and outside is a crucial task for today's network administrators. Inspecting all network traffic by traditional deep packet inspection is a very resource-intensive task in high-speed networks, and scalable solutions are needed. In our work, we describe a network protection system based on NetFlow data. It uses a hardware-accelerated monitoring center (HAMOC) for inspecting network traffic, generating NetFlow data and also for active filtration/blocking of malicious traffic. An active network protection use case against brute force dictionary attacks is presented, and other network protection use cases are also discussed. The main contributions of this work are: (i) a scalable solution suitable for current high-speed networks (10 Gbps and more), (ii) use of the hardware-accelerated HAMOC platform performing both monitoring and traffic filtering, (iii) a light-weight alternative using software tools instead of the hardware platform, suitable for protection of networks with a lower amount of traffic.
