Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

R.J. Hofstede, Aiko Pras

    Research output: Contribution to conference, Paper, Academic


    Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1 Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real time, and to be resilient against negative effects of attacks on monitoring systems.
    Original language: Undefined
    Number of pages: 1
    Publication status: Published - May 2012
    Event: TERENA Networking Conference 2012 - Reykjavik, Iceland
    Duration: 21 May 2012 to 24 May 2012


    Conference: TERENA Networking Conference 2012
    Other: 21-24 May 2012


    • IR-82079
    • EWI-22308
