Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
| Hi-index | 0.00 |
In this paper, we develop network traffic monitoring tool in order to analyze and monitor a network environment effectively. The network traffic analysis and monitoring system is designed based on attack knowledge for EWS(Early Warning System). It consists of an agent for host, a database server and administrator's tool. Each host agent captures and collects network traffic information using WinPcap library, and send those information to the database server. The database server classifies and keeps necessary information from all the information sent, and provides those information when the administrator requests the information. The administrator's tool combines the information from the server, applies the analysis of correlation, and confirms the network attack situation. This system can monitor the network traffics and analyze global traffic stream effectively, and aware various internet attack situations. The system was designed using C++ and ODBC (Open Database Connectivity).