• DocumentCode
    2698091
  • Title
    Flow-based Front Payload Aggregation
  • Author
    Limmer, Tobias ; Dressler, Falko
  • Author_Institution
    Comput. Networks & Commun. Syst., Univ. of Erlangen, Erlangen, Germany
  • fYear
    2009
  • fDate
    20-23 Oct. 2009
  • Firstpage
    1102
  • Lastpage
    1109
  • Abstract
    We present and discuss a new monitoring technique that we call front payload aggregation (FPA). Instead of being limited to either analyzing single packets for signature-based attack detection or exploiting statistical flow information for anomaly detection, FPA combines the advantages of both approaches. Exploiting the fact that most attack signatures can be found in the very first packets of a connection, we collect payload information from these few packets (we take the first n payload bytes) and associate it with the corresponding flow data. Thus, intrusion detection can still be performed with a high degree of confidence, and the monitoring system becomes efficient w.r.t. processing performance and attack resilience.
  • Keywords
    digital signatures; anomaly detection; flow-based front payload aggregation; intrusion detection; signature-based attack detection; Computer networks; Hardware; Information analysis; Intrusion detection; Monitoring; Payloads; Protocols; Resilience; Statistical analysis; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Local Computer Networks, 2009. LCN 2009. IEEE 34th Conference on
  • Conference_Location
    Zurich
  • Print_ISBN
    978-1-4244-4488-5
  • Electronic_ISBN
    978-1-4244-4487-8
  • Type
    conf
  • DOI
    10.1109/LCN.2009.5355213
  • Filename
    5355213