DocumentCode :
263561
Title :
Towards multi-layered intrusion detection in high-speed networks
Author :
Golling, M. ; Hofstede, Rick ; Koch, Robert
Author_Institution :
Fac. of Comput. Sci., Univ. der Bundeswehr Munchen, Neubiberg, Germany
fYear :
2014
fDate :
3-6 June 2014
Firstpage :
191
Lastpage :
206
Abstract :
Traditional Intrusion Detection approaches rely on the inspection of individual packets, often referred to as Deep Packet Inspection (DPI), where individual packets are scanned for suspicious patterns. However, the rapid increase of link speeds and throughputs - especially in larger networks such as backbone networks - seriously constrains this approach. First, devices capable of detecting intrusions on high-speed links of 10 Gbps and higher are rather expensive, or must be built based on complex arrays. Second, legislation commonly restricts the way in which backbone network operators can analyse the data in their networks. To overcome these constraints, flow-based intrusion detection can be applied, which traditionally focuses only on packet header fields and packet characteristics. Flow export technologies are nowadays embedded in most high-end packet forwarding devices and are widely used for network management, which makes this approach economically attractive.
Keywords :
computer network management; computer network security; DPI; backbone networks; deep packet inspection; flow-based intrusion detection; high-speed networks; network management; packet forwarding devices; High-speed networks; Inspection; Intrusion detection; Monitoring; Protocols; Standards; Taxonomy; Flow-Based Intrusion Detection; High-speed Networks; Intrusion Detection; Legal Inspection; Network Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Cyber Conflict (CyCon 2014), 2014 6th International Conference On
Conference_Location :
Tallinn
ISSN :
2325-5366
Print_ISBN :
978-9949-9544-0-7
Type :
conf
DOI :
10.1109/CYCON.2014.6916403
Filename :
6916403
Link To Document :