All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Towards Real-Time Intrusion Detection for NetFlow and IPFIX

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F13%3APU107068" target="_blank" >RIV/00216305:26230/13:PU107068 - isvavai.cz</a>

  • Result on the web

    <a href="http://www.cnsm-conf.org/2013/documents/papers/CNSM/p227-hofstede.pdf" target="_blank" >http://www.cnsm-conf.org/2013/documents/papers/CNSM/p227-hofstede.pdf</a>

  • DOI - Digital Object Identifier

Alternative languages

  • Result language

    angličtina

  • Original language name

    Towards Real-Time Intrusion Detection for NetFlow and IPFIX

  • Original language description

    DDoS attacks bring serious economic and technical damage to networks and enterprises. Timely detection and mitigation are therefore of great importance. However, when flow monitoring systems are used for intrusion detection, as it is often the case in campus, enterprise and backbone networks, timely data analysis is constrained by the architecture of NetFlow and IPFIX. In their current architecture, the analysis is performed after certain timeouts, which generally delays the intrusion detection for several minutes. This paper presents a functional extension for both NetFlow and IPFIX flow exporters, to allow for timely intrusion detection and mitigation of large flooding attacks. The contribution of this paper is threefold. First, we integrate a lightweight intrusion detection module into a flow exporter, which moves detection closer to the traffic observation point. Second, our approach mitigates attacks in near real-time by instructing firewalls to filter malicious traffic. Third, we filter flow data of malicious traffic to prevent flow collectors from overload. We validate our approach by means of a prototype that has been deployed on a backbone link of the Czech national research and education network CESNET.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/ED1.1.00%2F02.0070" target="_blank" >ED1.1.00/02.0070: IT4Innovations Centre of Excellence</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>Z - Vyzkumny zamer (s odkazem do CEZ)<br>S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2013

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings of the 9th International Conference on Network and Service Management

  • ISBN

    978-3-901882-53-1

  • ISSN

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

    1-6

  • Publisher name

    International Federation for Information Processing

  • Place of publication

    Zürich

  • Event location

    Zürich

  • Event date

    Oct 14, 2013

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    000345853200039

Similar results(10)

IFS: Intelligent flow sampling for network security–an adaptive approachEfficient Modelling of ICS Communication For Anomaly Detection Using Probabilistic AutomataTowards Extended NetFlow/IPFIX