All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

On the Impact of Flow Monitoring Configuration

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F20%3A00115554" target="_blank" >RIV/00216224:14610/20:00115554 - isvavai.cz</a>

  • Result on the web

    <a href="http://dx.doi.org/10.1109/NOMS47738.2020.9110361" target="_blank" >http://dx.doi.org/10.1109/NOMS47738.2020.9110361</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1109/NOMS47738.2020.9110361" target="_blank" >10.1109/NOMS47738.2020.9110361</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    On the Impact of Flow Monitoring Configuration

  • Original language description

    Flow monitoring has become an essential source of information for intrusion detection systems and various forms of network data analytics. However, the attention of researchers is focused primarily on the utilisation of the flow data, and the process of flow data creation is often neglected. This lack of consideration negatively affects the results of data analytics. Either the results are suboptimal due to the low quality of the flow data, or a description of the configuration of the flow monitoring system is missing, which leads to irreproducible results. The goal of this paper is to demonstrate how the configuration of the flow monitoring system affects the resulting data. The most basic flow monitoring configuration variables are the flow expiration timeouts. We analyse their effect on the number of created flow records to show their importance. Moreover, we demonstrate that the choice of the flow expiration timeouts can have a severe impact on the network data analytics. The use-case of Slowloris attack detection is used as an example to illustrate this fact.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2020

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020)

  • ISBN

    9781728149738

  • ISSN

    2374-9709

  • e-ISSN

  • Number of pages

    7

  • Pages from-to

    1-7

  • Publisher name

    IEEE Xplore Digital Library

  • Place of publication

    Budapešť

  • Event location

    Budapešť

  • Event date

    Apr 20, 2020

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

Towards Real-Time Intrusion Detection for NetFlow and IPFIXFlow-Based Security Issue Detection in Building Automation and Control NetworksFlow-based Network Protection as an Integral Part of an Early Warning System