Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

R.J. Hofstede; Aiko Pras

doi:10.1007/978-3-642-30633-4_13

Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

R.J. Hofstede, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

7 Citations (Scopus)

81 Downloads (Pure)

Abstract

Flow-based intrusion detection will play an important role in high-speed networks, due to the stringent performance requirements of packet-based solutions. Flow monitoring technologies, such as NetFlow or IPFIX, aggregate individual packets into flows, requiring new intrusion detection algorithms to deal with the aggregated data. These algorithms are subject to constraints on real-time and accurate detection of intrusions, due to the nature of current flow monitoring technologies. In this paper, we propose a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years.

Original language	Undefined
Title of host publication	Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012)
Place of Publication	Berlin
Publisher	Springer
Pages	109-112
Number of pages	4
ISBN (Print)	978-3-642-30632-7
DOIs	https://doi.org/10.1007/978-3-642-30633-4_13
Publication status	Published - Jun 2012
Event	6th International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2012 - Luxembourg, Luxembourg Duration: 4 Jun 2012 → 8 Jun 2012

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	7279
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	6th International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2012
Period	4/06/12 → 8/06/12
Other	4-8 June 2012

Keywords

METIS-287905
EWI-21998
EC Grant Agreement nr.: FP7/257513
IR-80709

Access to Document

10.1007/978-3-642-30633-4_13

Cite this

@inproceedings{165080cbf9a042dd8c9a7041c3c06af7,

title = "Real-Time and Resilient Intrusion Detection: A Flow-Based Approach",

abstract = "Flow-based intrusion detection will play an important role in high-speed networks, due to the stringent performance requirements of packet-based solutions. Flow monitoring technologies, such as NetFlow or IPFIX, aggregate individual packets into flows, requiring new intrusion detection algorithms to deal with the aggregated data. These algorithms are subject to constraints on real-time and accurate detection of intrusions, due to the nature of current flow monitoring technologies. In this paper, we propose a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years.",

keywords = "METIS-287905, EWI-21998, EC Grant Agreement nr.: FP7/257513, IR-80709",

author = "R.J. Hofstede and Aiko Pras",

note = "10.1007/978-3-642-30633-4_13 ; null ; Conference date: 04-06-2012 Through 08-06-2012",

year = "2012",

month = jun,

doi = "10.1007/978-3-642-30633-4_13",

language = "Undefined",

isbn = "978-3-642-30632-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "109--112",

booktitle = "Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012)",

address = "Netherlands",

}

Hofstede, RJ & Pras, A 2012, Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. in Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012). Lecture Notes in Computer Science, vol. 7279, Springer, Berlin, pp. 109-112, 6th International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2012, 4/06/12. https://doi.org/10.1007/978-3-642-30633-4_13

Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. / Hofstede, R.J.; Pras, Aiko.

Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012). Berlin : Springer, 2012. p. 109-112 (Lecture Notes in Computer Science; Vol. 7279).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

AU - Hofstede, R.J.

AU - Pras, Aiko

N1 - 10.1007/978-3-642-30633-4_13

PY - 2012/6

Y1 - 2012/6

N2 - Flow-based intrusion detection will play an important role in high-speed networks, due to the stringent performance requirements of packet-based solutions. Flow monitoring technologies, such as NetFlow or IPFIX, aggregate individual packets into flows, requiring new intrusion detection algorithms to deal with the aggregated data. These algorithms are subject to constraints on real-time and accurate detection of intrusions, due to the nature of current flow monitoring technologies. In this paper, we propose a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years.

AB - Flow-based intrusion detection will play an important role in high-speed networks, due to the stringent performance requirements of packet-based solutions. Flow monitoring technologies, such as NetFlow or IPFIX, aggregate individual packets into flows, requiring new intrusion detection algorithms to deal with the aggregated data. These algorithms are subject to constraints on real-time and accurate detection of intrusions, due to the nature of current flow monitoring technologies. In this paper, we propose a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years.

KW - METIS-287905

KW - EWI-21998

KW - EC Grant Agreement nr.: FP7/257513

KW - IR-80709

U2 - 10.1007/978-3-642-30633-4_13

DO - 10.1007/978-3-642-30633-4_13

M3 - Conference contribution

SN - 978-3-642-30632-7

T3 - Lecture Notes in Computer Science

SP - 109

EP - 112

BT - Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012)

PB - Springer

CY - Berlin

Y2 - 4 June 2012 through 8 June 2012

ER -