Flow-based front payload aggregation

Proceedings - Conference on Local Computer Networks, LCN

Volumn , Issue , 2009, Pages 1102-1109

  Limmer, Tobias ^a   Dressler, Falko ^a  

^a UNIVERSITY OF ERLANGEN NUREMBERG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTION; ATTACK DETECTION; ATTACK SIGNATURE; DEGREE OF CONFIDENCE; FLOW DATA; FLOW INFORMATIONS; MONITORING SYSTEM; MONITORING TECHNIQUES; PAYLOAD INFORMATION; PROCESSING PERFORMANCE;

INTERNET;

INTRUSION DETECTION;

EID: 77951277650     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/LCN.2009.5355213     Document Type: Conference Paper

References (21)

1. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time," Elsevier Computer Networks, vol. 31, no. 23-24, pp. 2435-2463, December 1999.
2. M. Roesch, "Snort: Lightweight Intrusion Detection for Networks," in 13th USENIX Conference on System Administration (LISA 1999), Seattle, WA, November 1999, pp. 229-238.
3. J. Jung, V. Paxson, A. W. Berger, and H. B. lakrishnan, "Fast Portscan Detection Using Sequential Hypothesis Testing," in IEEE Symposium on Security and Privacy, Berkeley/Oakland, CA, May 2004.
4. C. Estan, S. Savage, and G. Varghese, "Automatically Inferring Patterns of Resource Consumption in Network Traffic," in ACM SIGCOMM 2003. Karlsruhe, Germany: ACM, August 2003, pp. 137-148.
5. G. Carle, F. Dressler, R. A. Kemmerer, H. Koenig, C. Kruegel, and P. Laskov, "Network attack detection and defense - Manifesto of the Dagstuhl Perspective Workshop," Springer Computer Science - Research and Development (CSRD), vol. 23, no. 1, pp. 15-25, March 2009.
6. G. Schaffrath and B. Stiller, "Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection," in Resilient Networks and Services, Second International Conference on Autonomous Infrastructure, Management and Security (AIMS 2008), ser. Lecture Notes in Computer Science, vol.5127. Bremen, Germany: Springer, July 2008, pp. 190-194.
7. G. Muenz, N. Weber, and G. Carle, "Signature Detection in Sampled Packets," in Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2007), Toulouse, France, November 2007.
8. W. Willinger, M. S. Taqqu, R. Sherman, and d. V. Wilson, "Self-similarity through high-variability: statistical analysis of ethernet LAN traffic at the source level," in the conference on Applications, technologies, architectures, and protocols for computer communication. Cambridge, MA: ACM, 1995, pp. 100-113.
9. R. T. Lampert, C. Sommer, G. Münz, and F. Dressler, "Vermont - A Versatile Monitoring Toolkit Using IPFIX/PSAMP," in IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006). Tübingen, Germany: IEEE, September 2006, pp. 62-65.
10. A. Greenhalgh, F. Huici, M. Hoerdt, P. Papadimitriou, M. Handley, and L. Mathy, "Flow processing and the rise of commodity network hardware," ACM SIGCOMM Computer Communication Review (CCR), vol. 39, no. 2, pp. 20-26, April 2009.
11. H. Dreger, A. Feldmann, V. Paxson, and R. Sommer, "Operational experiences with high-volume network intrusion detection," in 11th ACM Conference on Computer and Communications Security (ACM CCS 2004). Washington, DC: ACM, October 2004, pp. 2-11. (Pubitemid 40338184)
12. -, "Predicting the resource consumption of network intrusion detection systems," ACM SIGMETRICS Performance Evaluation Review, vol. 36, no. 1, pp. 437-438, 2008.
13. R. Sommer and V. Paxson, "Exploiting Independent State For Network Intrusion Detection," in 21st Annual Computer Security Applications Conference (ACSAC 2005), 2005, pp. 59-71. (Pubitemid 46116464)
14. G. Vasiliadis, S. Antonatos, M. Polychronakis, E. P. Markatos, and S. Ioannidis, "Gnort: High Performance Network Intrusion Detection Using Graphics Processors," in 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), ser. Lecture Notes in Computer Science, vol.5230. Cambridge, MA: Springer, September 2008, pp. 116-134.
15. G. Maier, R. Sommer, H. Dreger, A. Feldmann, V. Payson, and F. Schneider, "Enriching Network Security Analysis with Time Travel," in ACM SIGCOMM 2008. New York, NY, USA: ACM Press, August 2008, pp. 183-194.
16. U. Shankar and V. Paxson, "Active Mapping: Resisting NIDS Evasion without Altering Traffic," in IEEE Symposium on Security and Privacy. Oakland, CA: IEEE, 2003, pp. 44-61.
17. M. Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics," in 10th USENIX Security Symposium, Washington, DC, August 2001.
18. S. Dharmapurikar and V. Paxson, "Robust TCP stream reassembly in the presence of adversaries," in 14th USENIX Security Symposium, Baltimore, MD, July 2005.
19. B. Claise, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information," IETF, RFC 5101, January 2008.
20. B. Claise, A. Johnson, and J. Quittek, "Packet Sampling (PSAMP) Protocol Specifications," IETF, RFC 5476, March 2009.
21. J. Postel, "Transmission Control Protocol," RFC 793, September 1981.