Flow-based intrusion detection

Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011

Volumn , Issue , 2011, Pages 958-963

  Sperotto, Anna ^a   Pras, Aiko ^a  

^a UNIVERSITY OF TWENTE   (Netherlands)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATIC SYSTEMS; AUTOMATIC TUNING; DATA SETS; DETECTION PROBLEMS; FALSE ALARMS; GROUND TRUTH; HIGH BANDWIDTH; INTERNET SERVICES; INTRUSION DETECTION SYSTEMS; KEY COMPONENT; LABELED DATA; NETWORK FLOWS; NETWORK TRAFFIC; OPTIMIZATION PROCEDURES; RESEARCH COMMUNITIES; SCALABILITY ISSUE; STRUCTURED APPROACH; SYSTEM VALIDATION; TRAFFIC MODEL;

DAMAGE DETECTION; HIDDEN MARKOV MODELS; INTERNET; NETWORK MANAGEMENT; RESEARCH;

INTRUSION DETECTION;

EID: 80052768358     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INM.2011.5990529     Document Type: Conference Paper

References (27)

1. A. Sperotto, G. Vliek, R. Sadre, and A. Pras, "Detecting Spam at the Network Level," in Proc. of the 15th Open European Summer School and IFIP TC6.6 Workshop (EUNICE '09), 2009, pp. 208-216.
2. A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller, "An Overview of IP Flow-Based Intrusion Detection," IEEE Communications Surveys & Tutorials, vol. 12, no. 3, pp. 343-356, 2010.
3. A. Sperotto, R. Sadre, and A. Pras, "Anomaly Characterization in Flow-Based Traffic Time Series," in Proc. of the 8th IEEE International Workshop on IP Operations and Management (IPOM '08), 2008, pp. 15-27.
4. A. Sperotto, R. Sadre, D. F. van Vliet, and A. Pras, "A Labeled Data Set For Flow-based Intrusion Detection," in Proc. of the 9th IEEE International Workshop on IP Operations and Management (IPOM '09), 2009, pp. 39-50.
5. A. Sperotto, R. Sadre, P. T. de Boer, and A. Pras, "Hidden Markov Model modeling of SSH brute-force attacks," in Proc. of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM '09) (Best Paper Award), 2009, pp. 164-176.
6. R. J. Hofstede, A. Sperotto, T. Fioreze, and A. Pras, "The Network Data Handling War: MySQL vs. NfDump," in Proc. of the 16th EUNICE/IFIP WG 6.6 Workshop on Networked Services and Applications, 2010, pp. 167-176.
7. A. Pras, R. Sadre, A. Sperotto, T. Fioreze, D. Hausheer, and J. Schoenwaelder, "Using NetFlow/IPFIX for Network Management," Journal of Network and Systems Management, vol. 17, no. 4, 2009.
8. T. Fioreze, L. Granville, A. Pras, A. Sperotto, and R. Sadre, "Self-Management of Hybrid Networks: Can We Trust NetFlow Data?" in Proc. of the 11th IFIP/IEEE International Symposium on Integrated Network Management (IM '09), 2009, pp. 577-584.
9. A. Sperotto and R. van de Meent, "A Survey of the High-Speed Self-Learning Intrusion Detection Research Area," in Proc. of the First International Conference on Autonomous Infrastructure, Management and Security (AIMS '07), 2007, pp. 196-199.
10. A. Sperotto and M. Pelillo, "Szemeredi's Regularity Lemma and Its Applications to Pairwise Clustering and Segmentation," in Proc. of the 6th International Conference on Energy Minimization Methods in Computer Vision and Pattern Recognition Energy Minimization Methods in Computer Vision and Pattern Recognition (EMMCVPR '07), 2007, pp. 13-27.
11. International Telecommunication Union, "Ict statistics," http://www.itu.int/ITU-D/icteye/, Jan. 2010.
12. Internet 2, "Internet 2 research network," http://www. internet2.edu/, Jan. 2011.
13. W. van Wanrooij and A. Pras, "Filtering Spam from Bad Neighborhoods," International Journal of Network Management (accepted for publication), 2010.
14. B. Claise, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information," RFC 5101 (Proposed Standard), 2008.
15. C. Kruegel, F. Valeur, and G. Vigna, Intrusion Detection and Correlation: Challenges and Solutions. Springer-Verlag Telos, 2004.
16. H. Debar, M. Dacier, and A. Wespi, "A revised taxonomy for intrusion detection systems," Annales des Telecommunications, vol. 55, no. 7-8, pp. 361-378, 2000.
17. S. Axelsson, "Intrusion detection systems: A survey and taxonomy," Chalmers Univ., Tech. Rep. 99-15, 2000.
18. M. Gao, K. Zhang, and J. Lu, "Efficient packet matching for gigabit network intrusion detection using TCAMs," in Proc. of 20th Int. Conf. on Advanced Information Networking and Applications (AINA'06), 2006, pp. 249-254.
19. G. Vasiliadis, S. Antonatos, M. Polychronakis, E. P. Markatos, and S. Ioannidis, "Gnort: High Performance Network Intrusion Detection Using Graphics Processors," in Proc. of the 11th Int. Symp. on Recent Advances in Intrusion Detection (RAID '08), 2008, pp. 116-134.
20. M. Roesch, "Snort, intrusion detection system," http://www.snort.org, Jan. 2011.
21. H. Dreger, A. Feldmann, V Paxson, and R. Sommer, "Operational experiences with high-volume network intrusion detection," in Proc. of the 11th ACM Conf. on Computer and Communications Security (CCS '04), 2004, pp. 2-11.
22. P. Haag, "Nfsen: Netflow sensor," http://nfsen.sourceforge.net, Jan. 2011.
23. The Cooperative Association for Internet Data Analysis, "CAIDA DATA," http://www.caida.org/data, Jan. 2011.
24. CRAWDAD, "Community Resource for Archiving Wireless Data At Dartmouth," http://crawdad.cs.dartmouth.edu/, Jan. 2011.
25. Simpleweb, "Trace repository," http://traces.simpleweb.org, Jan. 2011.
26. P. Horn, "Autonomic computing: IBM's Perspective on the State of Information Technology," http://www.research.ibm.com, 2001.
27. L. R. Rabiner, "A tutorial on hidden Markov models and selected applications in speech recognition," Proc. of the IEEE, vol. 77, no. 2, pp. 257-286, 1989.