Title :
NetFlow based intrusion detection system
Author :
Pao, Tang-Long ; Wang, Po-Wei
Author_Institution :
Dept. Comput. Sci. & Eng., Tatung Univ., Taipei, Taiwan
Abstract :
In this paper, a NetFlow-based anomaly intrusion detection system is presented. In addition, guidelines for properly configuring and setting up network devices to minimize the possibility that network attacks come from inside are also proposed. As the Internet becomes the platform for daily activities, the threat of network attack has also become more serious. A firewall alone is not able to protect a system from being attacked through normal service channels. Furthermore, most current intrusion detection systems focus on the border of the organization's network. If the attack comes from inside, this setup does not provide any protection to hosts in the local network or to the network itself. Therefore, we need to use other mechanisms to protect critical systems as well as the network itself. We propose an inexpensive and easy-to-implement way to perform anomaly-type intrusion detection based on the NetFlow data exported from routers or other network probes. Our system can detect several types of network attack from inside or outside and take countermeasures accordingly.
Keywords :
Internet; security of data; telecommunication security; Internet; intrusion detection system; net flow; network attack; network security; Application software; Computer science; Hardware; Home computing; IP networks; Intrusion detection; Network servers; Payloads; Protection; Wide area networks;
Conference_Title :
Networking, Sensing and Control, 2004 IEEE International Conference on
Print_ISBN :
0-7803-8193-9
DOI :
10.1109/ICNSC.2004.1297037