In this paper, a flow analysis and monitoring system based on NetFlow is introduced. The system is built on a Browser-Server framework and is aimed at enterprise networks. Data collection and display are separated into two modules, which makes the system clearly demarcated and easy to deploy. The data collection module receives and analyzes NetFlow-exported packets and inserts per-flow record information into the Oracle database. The display module acts as a J2EE web server; it fetches real-time or historical traffic information from the database and shows it to web users. In addition to the above-mentioned functions, the most important part of the system is an IDS. A real-time anomalous traffic monitoring module with a stable matching pattern algorithm and two traffic-statistic-based intrusion detection algorithms (one based on variance similarity, the other on Euclidean distance) are embedded in the system to detect worm and other malicious attacks. With the aim of identifying anomalous network traffic simply and effectively, a proven "join" strategy is also designed along with the two traffic-statistic-based intrusion detection algorithms. The whole IDS module is able to run with low computational complexity and high detection accuracy. Finally, we conduct experiments to verify the performance of our system.