In this paper, we propose a new method for detecting unauthorized network intrusions, based on a traffic flow model and the application of the Cisco NetFlow protocol. The method not only detects the most common types of network attack (DDoS and port scanning) but also produces a list of the trespassers' IP addresses. It can therefore be applied in intrusion detection systems and in systems that block these IP addresses.