From Signature-Based Towards Behaviour-Based Anomaly Detection
Authors | |
---|---|
Year of publication | 2010 |
Type | Article in Proceedings |
Conference | RTO-MP-IST-091 PRE-RELEASE: Information Assurance and Cyber Defence |
MU Faculty or unit | |
Citation | |
Web | http://ftp.rta.nato.int/public//PubFullText/RTO/MP/RTO-MP-IST-091///MP-IST-091-P02.doc |
Field | Informatics |
Keywords | deep packet inspection; network behaviour analysis; cyber attack; |
Description | Cyber attacks are widespread and may even have a serious impact on national security (e.g., in Estonia in 2007 and Georgia in 2008). Computer networks abused for these attacks are getting faster and encrypted. Limitations of current network intrusion detection systems performing deep packet inspection are a) low throughput that is not sufficient for traffic in multigigabit networks and b) inability to process encrypted traffic. A different approach to intrusion detection, network behaviour analysis (NBA), overcomes these limitations. It relies on statistical information about network traffic flows. We present particular examples of NBA in this paper. |
Related projects: |