Title :
Flow-based Front Payload Aggregation
Author :
Limmer, Tobias ; Dressler, Falko
Author_Institution :
Comput. Networks & Commun. Syst., Univ. of Erlangen, Erlangen, Germany
Abstract :
We present and discuss a new monitoring technique that we call front payload aggregation (FPA). Instead of being limited to either analyzing single packets for signature-based attack detection or exploiting statistical flow information for anomaly detection, FPA combines the advantages of both approaches. Exploiting the fact that most attack signatures can be found in the very first packets of a connection, we collect payload information from these few packets (we take the first n payload bytes) and associate it with the corresponding flow data. Thus, intrusion detection can still be performed with a high degree of confidence, and the monitoring system becomes efficient with respect to processing performance and attack resilience.
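A minimal front payload aggregator in the spirit of the abstract, added here as an illustration and not code from the paper or its authors: each flow keeps its packet and byte counters plus only the first n payload bytes, and a signature check runs over that stored prefix rather than over every packet. The packets, the 5-tuple keys, n = 32 and the signature pattern are all constructed for this example.

```python
from dataclasses import dataclass

FRONT_BYTES = 32  # n: leading payload bytes retained per flow (constructed choice)


@dataclass
class FlowRecord:
    packets: int = 0
    bytes: int = 0
    front_payload: bytes = b""  # first n payload bytes, filled across packets


class FrontPayloadAggregator:
    """Per-flow counters plus the front payload of each flow."""

    def __init__(self, n=FRONT_BYTES):
        self.n = n
        self.flows = {}  # 5-tuple -> FlowRecord

    def observe(self, five_tuple, payload):
        rec = self.flows.setdefault(five_tuple, FlowRecord())
        rec.packets += 1
        rec.bytes += len(payload)
        missing = self.n - len(rec.front_payload)
        if missing > 0:  # only the first n bytes of the flow are stored
            rec.front_payload += payload[:missing]
        return rec


# Constructed signature table: name -> byte pattern expected in the front payload.
SIGNATURES = {"path-traversal-probe": b"/../"}


def match_signatures(rec, signatures=SIGNATURES):
    """Return the names of all signatures found in the flow's stored prefix."""
    return [name for name, pat in signatures.items() if pat in rec.front_payload]


# Constructed sample traffic: (src, sport, dst, dport, proto) and TCP payload.
SAMPLE_PACKETS = [
    (("10.0.0.5", 40001, "10.0.0.9", 80, "tcp"), b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n"),
    (("10.0.0.7", 40002, "10.0.0.9", 80, "tcp"), b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    (("10.0.0.7", 40002, "10.0.0.9", 80, "tcp"), b"X" * 1400),  # counted, payload not stored
]


def run_demo(packets=SAMPLE_PACKETS, n=FRONT_BYTES):
    agg = FrontPayloadAggregator(n)
    for key, payload in packets:
        agg.observe(key, payload)
    return {k: (r.packets, r.bytes, match_signatures(r)) for k, r in agg.flows.items()}
```

Because the prefix is capped at n bytes, the memory held per flow stays constant no matter how much data follows, which is the efficiency and resilience property the abstract claims.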
Keywords :
digital signatures; anomaly detection; flow-based front payload aggregation; intrusion detection; signature-based attack detection; Computer networks; Hardware; Information analysis; Intrusion detection; Monitoring; Payloads; Protocols; Resilience; Statistical analysis; Telecommunication traffic;
Conference_Title :
Local Computer Networks, 2009. LCN 2009. IEEE 34th Conference on
Conference_Location :
Zurich
Print_ISBN :
978-1-4244-4488-5
Electronic_ISBN :
978-1-4244-4487-8
DOI :
10.1109/LCN.2009.5355213