BARTOŠ, Karel, Martin GRILL, Vojtěch KRMÍČEK, Martin REHÁK and Pavel ČELEDA. Flow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow Probes. In CESNET Conference 2008 : security, middleware, and virtualization – glue of future networks. Prague: CESNET, z. s. p. o, 2008, p. 49-56. ISBN 978-80-904173-0-4.
Other formats:
@inproceedings{786653,
  author = {Bartoš, Karel and Grill, Martin and Krmíček, Vojtěch and Rehák, Martin and Čeleda, Pavel},
  address = {Prague},
  booktitle = {CESNET Conference 2008 : security, middleware, and virtualization – glue of future networks},
  keywords = {network intrusion detection; anomaly detection; security; NetFlow},
  language = {eng},
  location = {Prague},
  isbn = {978-80-904173-0-4},
  pages = {49-56},
  publisher = {CESNET, z. s. p. o},
  title = {Flow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow Probes},
  url = {http://www.ces.net/events/2008/conference/},
  year = {2008}
}
TY  - JOUR
ID  - 786653
AU  - Bartoš, Karel
AU  - Grill, Martin
AU  - Krmíček, Vojtěch
AU  - Rehák, Martin
AU  - Čeleda, Pavel
PY  - 2008
TI  - Flow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow Probes
PB  - CESNET, z. s. p. o
CY  - Prague
SN  - 9788090417304
KW  - network intrusion detection
KW  - anomaly detection
KW  - security
KW  - NetFlow
UR  - http://www.ces.net/events/2008/conference/
N2  - Current network intrusion detection methods based on anomaly detection approaches suffer from comparatively higher error rate and low performance. Proposed flow based network intrusion detection system addresses these issues by (i) using hardware-accelerated probes to collect unsampled NetFlow data from gigabit-speed network links and (ii) combining several anomaly detection algorithms by means of collective trust modeling, a multi-agent data fusion method. The data acquired on the network is preprocessed and passed to anomaly detection models to gather independent anomaly opinions for each flow. The anomaly data is passed to several trust models to aggregate the anomalies with past experience, and the flows are re-evaluated to obtain their trustfulness, which is further aggregated to detect malicious traffic. Experiments performed on-line on real campus network illustrate system suitability for real-time network surveillance.
ER  -
BARTOŠ, Karel, Martin GRILL, Vojtěch KRMÍČEK, Martin REHÁK and Pavel ČELEDA. Flow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow Probes. In \textit{CESNET Conference 2008 : security, middleware, and virtualization – glue of future networks}. Prague: CESNET, z. s. p. o, 2008, p.~49-56. ISBN~978-80-904173-0-4.