NetFlow Based Network Protection
Authors | |
---|---|
Year of publication | 2012 |
Type | Article in Proceedings |
Conference | Proceedings of 7th International ICST Conference on Security and Privacy in Communication Networks |
MU Faculty or unit | |
Citation | |
Field | Informatics |
Keywords | active network defense; NetFlow; flow monitoring; HAMOC |
Description | Protecting network perimeter against adversaries both from inside and outside is a crucial task for nowadays network administrators. Inspecting all network traffic by traditional deep packet inspection is very resource intensive task in high speed networks and scalable solutions are needed. In our work, we describe network protection system based on NetFlow data. It uses hardware accelerated monitoring center (HAMOC) for inspecting network traffic, generating NetFlow data and also for ac- tive filtration/blocking of malicious traffic. Active network protection use case against brute force dictionary attacks is presented and also other network protection use cases are discussed. Main contribution of this work are: (i) scalable solution suitable for current high-speed networks (10 Gbps and more), (ii) use of hadrware accelerated HAMOC platform performing both monitoring and traffic filtering, (iii) light-weight alter- native using software tools instead of hardware platform suitable for protection of networks with lower amount of traffic. |
Related projects: |