• DocumentCode
    1479980
  • Title
    An Overview of IP Flow-Based Intrusion Detection
  • Author
    Sperotto, Anna ; Schaffrath, Gregor ; Sadre, Ramin ; Morariu, Cristian ; Pras, Aiko ; Stiller, Burkhard
  • Author_Institution
    Centre for Telematics, Inf. Technol., Univ. of Twente, Enschede, Netherlands
  • Volume
    12
  • Issue
    3
  • fYear
    2010
  • Firstpage
    343
  • Lastpage
    356
  • Abstract
    Intrusion detection is an important area of research. Traditionally, the approach taken to find attacks is to inspect the contents of every packet. However, packet inspection cannot easily be performed at high speeds. Therefore, researchers and operators started investigating alternative approaches, such as flow-based intrusion detection. In that approach, the flow of data through the network is analyzed instead of the contents of each individual packet. The goal of this paper is to provide a survey of current research in the area of flow-based intrusion detection. The survey starts with a motivation for why flow-based intrusion detection is needed. The concept of flows is explained, and relevant standards are identified. The paper provides a classification of attacks and defense techniques and shows how flow-based techniques can be used to detect scans, worms, Botnets and Denial of Service (DoS) attacks.
  • Keywords
    IP networks; computer network security; data flow analysis; invasive software; Botnets; DoS attacks; IP flow based intrusion detection; data flow; packet inspection; worms; Botnets; DoS; Network flows; attacks; intrusion detection; scan; worms;
  • fLanguage
    English
  • Journal_Title
    Communications Surveys & Tutorials, IEEE
  • Publisher
    ieee
  • ISSN
    1553-877X
  • Type
    jour
  • DOI
    10.1109/SURV.2010.032210.00054
  • Filename
    5455789