Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection

Authors:
Gregor Schaffrath;Burkhard Stiller
Affiliations:
Department of Informatics IFI, University of Zürich Communication Systems Group CSG, Zürich, Switzerland CH--8050;Department of Informatics IFI, University of Zürich Communication Systems Group CSG, Zürich, Switzerland CH--8050
Venue:
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
Year:
2008

Citing 3
Cited 1

NVisionIP: netflow visualizations of system state for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Operational experiences with high-volume network intrusion detection

Proceedings of the 11th ACM conference on Computer and communications security
Wide-scale botnet detection and characterization

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets

Event stream database based architecture to detect network intrusion: (industry article)

Proceedings of the 7th ACM international conference on Distributed event-based systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network-based Intrusion Detection Systems aim at the detection of malicious activities by an inspection of network traffic. Since network link speeds and traffic volume grew over the last years, payload-based analysis became difficult, leading to the development of alternative approaches for flowbased analysis. Although each approach alone suffers a set of drawbacks, a few experiments with hybrid approaches show potential for synergies. This work analyses these drawbacks in order to develop a conceptual framework for hybrid approaches, integrating the two concepts in a fashion to compensate for their respective weaknesses proposed.