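% Citation record 827358: CAMNEP (Rehák, Čeleda, Pěchouček, Novotný, 2009).
% Kept as @misc because the record gives no booktitle or publisher; the URL
% suggests a FloCon 2009 proceedings item -- confirm before changing the type.
% Author names are stored as UTF-8, so process this file with Biber or another
% UTF-8-aware tool. The url is plain http and appears to point at a proceedings
% index rather than the paper itself; check that it still resolves before
% relying on it.
@misc{827358,
  author   = {Rehák, Martin and Čeleda, Pavel and Pěchouček, Michal and Novotný, Jiří},
  title    = {{CAMNEP}: Multistage Collective Network Behavior Analysis System with Hardware Accelerated {NetFlow} Probes},
  year     = {2009},
  url      = {http://www.cert.org/flocon/2009/proceedings.html},
  keywords = {CAMNEP; FlowMon; NetFlow; security; anomaly detection; IDS},
  language = {eng},
}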
TY  - GEN
ID  - 827358
AU  - Rehák, Martin
AU  - Čeleda, Pavel
AU  - Pěchouček, Michal
AU  - Novotný, Jiří
PY  - 2009
TI  - CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes
KW  - CAMNEP
KW  - FlowMon
KW  - NetFlow
KW  - security
KW  - anomaly detection
KW  - IDS
UR  - http://www.cert.org/flocon/2009/proceedings.html
L2  - http://www.cert.org/flocon/2009/proceedings.html
N2  - Current network behavior analysis methods based on anomaly detection approaches suffer from comparatively higher error rate and low performance. We propose a framework system which addresses these issues by (i) using hardware-accelerated probes to collect unsampled NetFlow/IPFIX data from gigabit-speed network links and (ii) combining several anomaly detection algorithms by means of collective trust modeling, a multi-agent data fusion method. The data acquired on the network is preprocessed in the collector database and then passed to several anomaly detection methods to obtain several independent anomaly opinions for each flow. Each of these methods uses a distinct set of aggregate traffic features to determine the anomaly of each flow, which is determined by comparing the observed flows with a method-specific traffic prediction and/or a set of rules. The anomaly data is passed to several trust models to aggregate the current anomalies with past experience. Depending on the specific network, it can remove up to 95 % of false positives.
ER  -
REHÁK, Martin, Pavel ČELEDA, Michal PĚCHOUČEK and Jiří NOVOTNÝ. \textit{CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes}. 2009.