Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

R.J. Hofstede; Aiko Pras

Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

R.J. Hofstede
, Aiko Pras

Research output: Contribution to conference › Paper

200 Downloads (Pure)

Abstract

Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.

Original language	Undefined
Pages	22
Number of pages	1
Publication status	Published - May 2012
Event	TERENA Networking Conference 2012 - Reykjavik, Iceland Duration: 21 May 2012 → 24 May 2012

Conference

Conference	TERENA Networking Conference 2012
Period	21/05/12 → 24/05/12
Other	21-24 May 2012

Keywords

IR-82079
EWI-22308

Access to Document

https://tnc2012.terena.org/core/poster/21

Cite this

@conference{6dfe71b20de14fa184c9606282b439eb,

title = "Real-Time and Resilient Intrusion Detection: A Flow-Based Approach",

abstract = "Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.",

keywords = "IR-82079, EWI-22308",

author = "R.J. Hofstede and Aiko Pras",

year = "2012",

month = may,

language = "Undefined",

pages = "22",

note = "TERENA Networking Conference 2012 ; Conference date: 21-05-2012 Through 24-05-2012",

}

TY - CONF

T1 - Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

AU - Hofstede, R.J.

AU - Pras, Aiko

PY - 2012/5

Y1 - 2012/5

N2 - Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.

AB - Due to the demanding performance requirements of packet-based monitoring solutions on network equipment, flow-based intrusion detection systems will play an increasingly important role in current high-speed networks. The required technologies are already available and widely deployed: NetFlow and the newer IPFIX aggregate packets into flows and are applicable in networks with line speeds in excess of 1Gbit/s. Intrusion detection systems need to be modified in order to deal with the aggregated flow data. As such, we have to consider constraints on the real-time and accurate detection of intrusions, imposed by the nature of current flow monitoring technologies. This poster presents a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems.

KW - IR-82079

KW - EWI-22308

M3 - Paper

SP - 22

T2 - TERENA Networking Conference 2012

Y2 - 21 May 2012 through 24 May 2012

ER -