Title :
Real-time Analysis of Flow Data for Network Attack Detection
Author :
Münz, Gerhard ; Carle, Georg
Author_Institution :
Wilhelm Schickard Inst. for Comput. Sci., Univ. of Tuebingen, Tubingen
Date :
May 21 2007-May 25 2007
Abstract :
With the wide deployment of flow monitoring in IP networks, the analysis of the exported flow data has become an important research area. It has been shown that flow data can be used to detect traffic anomalies, DoS attacks, and the propagation of worms. In practice, anomalies and attacks should be detected as fast as possible so that appropriate countermeasures can be taken. We describe the necessary steps from the raw flow data to the detection result in a systematic way. Furthermore, we present TOPAS, a system and framework for real-time analysis of flow data that has been developed to meet these requirements. Performance measurements and various application examples demonstrate the capabilities and benefits of our approach.
Keywords :
IP networks; security of data; IP networks; anomaly detection; flow monitoring; network attack detection; real-time analysis; Computer crime; Computer networks; Computer science; Computer worms; Computerized monitoring; Data analysis; IP networks; Measurement; Protocols; Telecommunication traffic; anomaly and attack detection; flow analysis; network monitoring;
Conference_Title :
Integrated Network Management, 2007. IM '07. 10th IFIP/IEEE International Symposium on
Conference_Location :
Munich
Print_ISBN :
1-4244-0798-2
Electronic_ISBN :
1-4244-0799-0
DOI :
10.1109/INM.2007.374774