A NetFlow based flow analysis and monitoring system in enterprise networks

Computer Networks

Volumn 52, Issue 5, 2008, Pages 1074-1092

  Bin, Liu ^a   Chuang, Lin ^a   Jian, Qiao ^b   Jianping, He ^a   Ungsunan, Peter ^a  

^a TSINGHUA UNIVERSITY   (China)

^b BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS   (China)

Author keywords

Intrusion detection; Matching pattern; NetFlow; Similarity; Traffic measurement

Indexed keywords

DATA ACQUISITION; DATABASE SYSTEMS; INTRUSION DETECTION; PATTERN MATCHING; SERVERS; TELECOMMUNICATION TRAFFIC; WEB SERVICES;

TRAFFIC MEASUREMENT;

DATA FLOW ANALYSIS;

EID: 39649109444     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2007.12.004     Document Type: Article

References (43)

1. Cisco, Cisco IOS NetFlow Technology Data Sheet. .
2. Chen T. Intrusion detection for viruses and worms. IEC Annual Review of Communications 57 Fall (2004)
3. Wang H., Zhang D., and Shin K.G. Detecting SYN flooding attacks. INFOCOM 2002. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE 3 23-27 (2002) 1530-1539
4. Siris V.A., and Papagalou F. Application of anomaly detection algorithms for detecting SYN flooding attacks. Global Telecommunications Conference 29 3 (2004) 2050-2054
5. Seung-won Shin, Ki-young Kim, Jong-soo Jang, D-SAT: detecting SYN flooding attack by two-stage statistical approach, applications and the Internet, in: Proceedings, The 2005 Symposium on 31 January-4 February 2005, pp. 430-436.
6. J.B.D. Caberera, T.B. Ravichandran, R.K. Mehra, Statistical traffic modeling for network intrusion detection, in: Proceedings of 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, 2000, 29(1), 2000, pp. 466-473.
7. John E. Dickerson, Jukka Juslin, Ourania Koukousoula, Julie A. Dickerson, Fuzzy intrusion detection, in: IFSA World Congress and 20th NAFIPS International Conference 9(3), 2001, vol. 1506-1510.
8. R.C. Garcia, M.N.O. Sadiku, J.D. Cannady, WAID: wavelet analysis intrusion detection, circuits and systems, 2002, in: M-WSCAS-2002, The 2002 45th Midwest Symposium, vol. 3, 4-7 August 2002, pp. III-688-III-691.
9. M. Li, W. Jia, W. Zhao, Decision analysis of network based intrusion detection systems for denial-of-service attacks, in: Proceedings, IEEE Conferences on Info-tech and Infonet, 2001.
10. Yiming Gong, Detecting Worms, and Anomaly Activities with NetFlow. .
11. Richard Stevens W. TCP/IP Illustrated (Vol. 1: The Protocols) (1994), Addison Wesley
12. P. Huang, A. Feldmann, A.C. Gilbert, W. Willinger, Dynamics of ip traffic: a study of the role of variability and the impact of control, in: ACM SIGCOMM'99, vol. 29, Massachusetts, USA, 1999.
13. Shieh S.-P., and Gligor V.D. On a Patter-oriented model for intrusion detection. IEEE Transactions on Knowledge and data Engineering 9 4 (1997)
14. Shiuh-Pyng Shieh, Virgil D. Gligor, A pattern-oriented intrusion detection system and its applications, in: Proceedings of IEEE symposium Research in Security and Privacy, Oakland, CA, May 1991, pp. 327-342.
15. Sandeep Kumar, Eugene H. Spafford, A pattern matching model for misuse intrusion detection, in: Proceedings of the 17th National Computer security conference, Baltimore, MD, 1994.
16. C.J. Coit, S. Staniford, J. McAlemey, Towards faster string matching for intrusion detection or exceeding the speed of snort, in: DARPA Information Survivability Conference and Exposition (DISCEX II 01), Anaheim, CA, June 2001.
17. Brodsky B.E., and Darkhovsky B.S. Nonparametric Methods in Change-point Problems (1993), Kluwer Academic Publishers, Dordrecht
18. Basseville M., and Nikiforov I.V. Detection of Abrupt Changes: Theory and Application (1993), Prentice Hall, Englewood cliffs, NJ
19. Paxson V., and Floyd S. Wide-area traffic: the failure of Poisson modeling. IEEE/ACM Trans Networking 3 3 (1995)
20. T. Peng, C. Leckie, K. Ramamohanarao, Detecting reflector attacks by sharing beliefs, in: Proceedings of the IEEE 2003 Global Communications Conference (Globecom 2003), vol. 3, San Francisco, California, USA, 2003b, pp. 1358-1362.
21. T. Peng, C. Leckie, K. Ramamohanarao, Proactively detecting DDoS attack using source IP address monitoring, in: Proceedings of Networking 2004, Athens, Greece, 2004, pp. 771-782.
22. Harold S. Javitz, Alfonso Valdes, The NIDES statistical component: description and justification, SRI International, March 1993.
23. Zheng Zhang, Jun Li, C.N. Manikopoulos, Jay Jorgenson, Jose Ucles, HIDE: a hierarchical network intrusion detection system using statistical preprocessing and neural network classification, in: Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West point, NY, 5-6 June, 2001.
24. Naiman D.Q. Statistical anomaly detection via httpd data analysis. Computational Statistics & Data Analysis (2004) 51-67
25. Wenke Lee, Salvatore J. Stolfo, Kui W. Mok, A data mining framework for building intrusion detection models, in: Proceedings of the 20th IEEE symposium on security and privacy, Oakland, CA 1999.
26. Wenke Lee, Salvatore J. Stolfo, Data mining approaches for Intrusion detection system, in: Proceedings of the 7th USENIX security symposium, San Antonio, TX, January, 1998.
27. Bertrand Portier, Jerome Froment, Data mining techniques for Intrusion detection, Data mining term paper, The University of Texas, Spring, 2000.
28. Srinivas Mukkamala, Guadalupe Janoski, Andrew Sung, Intrusion detection using neural networks and support vector machines, Appeared in IEEE IJCNN, May 2002.
29. Herve Debar, Monique Becker, Didier Siboni, A neural network component for an Intrusion Detection System, in: Proceedings of the 1992 IEEE computer Society Symposium on research in Computer Security and Privacy, 1992, pp. 240-250.
30. Ryan J., and Lin M.-J. Intrusion detection with neural networks. Advances in Neural Information Processing Systems vol. 10 (1998), MIT press
31. Ludovic Me, GASSATA, a genetic algorithm as an alternative tool for security audit trail analysis, in: 1st International Conference on the Recent Advances in Intrusion Detection, Belgium 1998.
32. Susan M. Bridges, Rayford B. Vaughn, Fuzzy data mining and genetic algorithms, applied to Intrusion Detection.
33. Li W. Using Genetic Algorithm for Network Intrusion Detection (2004), SANS Institute
34. Juca K.R.L., and Boukerche A. Human immune anomayand misuse based detection for computer system operations: part II. Proceedings of the International Parallel and Distributed Processing Symposium (IPDPS'03) (2003), IEEE
35. Nishiyama H., and Mizoguchi F. Design of security system based on immune system. Proceedings of the 10th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprozes (WETICE'01) (2001), IEEE
36. Stephanie Forrest, Thomas A. Longstaff, A sense of self for UNIX processes, in: Proceedings of 1996 IEEE Symposium on Computer security and Privacy, Los Alamos, CA, pp. 120-128.
37. Jan van Lunteren, High-performance pattern-matching for intrusion detection, in: Proceedings of IEEE INFOCOM 2006, April 2006, pp. 1-13.
38. Z.K. Baker, V.K. Prasanna, High-throughput linked-pattern matching for intrusion detection systems, in: Proceedings of the First Annual ACM Symposium on Architectures for Networking and Communications Systems, 2005.
39. Tan L., and Sherwood T. Architectures for bit-split string scanning in intrusion detection. IEEE Micro January-February (2006)
40. N.S. Artan, H. Jonathan Chao, TriBiCa: Trie bitmap content analyzer for high-speed network intrusion detection, in: Proceedings of IEEE INFOCOM 2007, May 2007, pp. 125-133.
41. C.-T. Huang, S. Thareja, Y.-J. Shin, Wavelet-based real time detection of network traffic anomalies, in: Proceedings of Workshop on Enterprise Network Security (WENS 2006) (in assoc. with Second SecureComm), August 2006.
42. D̈ubendorfer T., and Plattner B. Host behaviour based early detection of worm outbreaks in internet backbones. Proceedings of 14th IEEE WET ICE/ STCA Security Workshop (2005), IEEE
43. T. D̈ubendorfer, B. Plattner, A framework for real-time worm attack detection and backbone monitoring, in: Proceedings of IWCIP 2005, November 2005.