Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

R.J. Hofstede, Aiko Pras

    Research output: Contribution to conferencePaper

    55 Downloads (Pure)

    Abstract

    Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.
    Original languageUndefined
    Pages22
    Number of pages1
    Publication statusPublished - May 2012

    Keywords

    • IR-82079
    • EWI-22308

    Cite this

    @conference{6dfe71b20de14fa184c9606282b439eb,
    title = "Real-Time and Resilient Intrusion Detection: A Flow-Based Approach",
    abstract = "Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.",
    keywords = "IR-82079, EWI-22308",
    author = "R.J. Hofstede and Aiko Pras",
    year = "2012",
    month = "5",
    language = "Undefined",
    pages = "22",

    }

    Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. / Hofstede, R.J.; Pras, Aiko.

    2012. 22.

    Research output: Contribution to conferencePaper

    TY - CONF

    T1 - Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

    AU - Hofstede, R.J.

    AU - Pras, Aiko

    PY - 2012/5

    Y1 - 2012/5

    N2 - Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.

    AB - Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.

    KW - IR-82079

    KW - EWI-22308

    M3 - Paper

    SP - 22

    ER -