NetFlow Based Network Protection

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

KRMÍČEK Vojtěch, VYKOPAL Jan

Year of publication 2012
Type Article in Proceedings
Conference Proceedings of 7th International ICST Conference on Security and Privacy in Communication Networks
MU Faculty or unit

Faculty of Informatics

Field Informatics
Keywords active network defense; NetFlow; flow monitoring; HAMOC
Description Protecting the network perimeter against adversaries both from inside and outside is a crucial task for today's network administrators. Inspecting all network traffic by traditional deep packet inspection is a very resource-intensive task in high-speed networks, and scalable solutions are needed. In our work, we describe a network protection system based on NetFlow data. It uses a hardware-accelerated monitoring center (HAMOC) for inspecting network traffic, generating NetFlow data and also for active filtration/blocking of malicious traffic. An active network protection use case against brute force dictionary attacks is presented, and other network protection use cases are also discussed. The main contributions of this work are: (i) a scalable solution suitable for current high-speed networks (10 Gbps and more), (ii) use of the hardware-accelerated HAMOC platform performing both monitoring and traffic filtering, (iii) a light-weight alternative using software tools instead of the hardware platform, suitable for protection of networks with a lower amount of traffic.