Flow Based Security Awareness Framework for High-Speed Networks
Authors | |
---|---|
Year of publication | 2009 |
Type | Article in Proceedings |
Conference | Security and Protection of Information 2009 |
MU Faculty or unit | |
Citation | |
Field | Informatics |
Keywords | intrusion detection; network behavior analysis; anomaly detection; NetFlow; CAMNEP; FlowMon; Conficker |
Description | It is a difficult task for network administrators and security engineers to ensure network security awareness in the daily barrage of network scans, spamming hosts, zero-day attacks and malicious network users hidden in huge traffic volumes crossing the Internet. Advanced surveillance techniques are necessary to provide near real-time awareness of threats, external/internal attacks and system misuse. Our paper describes a security awareness framework targeted at high-speed networks. We use several anomaly detection algorithms based on network behavioral analysis to classify legitimate and malicious traffic. Compared with signature-based methods, network behavioral analysis allows us to recognize unknown or zero-day attacks. |
Related projects: |