A novel approach for protection of confidential web contents
ECC'11 Proceedings of the 5th European conference on European computing conference
Cleaning your house first: shifting the paradigm on how to secure networks
AIMS'11 Proceedings of the 5th international conference on Autonomous infrastructure, management, and security: managing the dynamics of networks and services
Salting public traces with attack traffic to test flow classifiers
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
On detecting abrupt changes in network entropy time series
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Internet bad neighborhoods: the spam case
Proceedings of the 7th International Conference on Network and Services Management
Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge
Computer Communications
SSHCure: a flow-based SSH intrusion detection system
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
Real-Time and resilient intrusion detection: a flow-based approach
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
Review: A survey of network flow applications
Journal of Network and Computer Applications
Measurement artifacts in netflow data
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Event stream database based architecture to detect network intrusion: (industry article)
Proceedings of the 7th ACM international conference on Distributed event-based systems
A novel threshold-based scan detection method using genetic algorithm
Proceedings of the 6th International Conference on Security of Information and Networks
Flow-Based detection of DNS tunnels
AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
Intrusion detection is an important area of research. Traditionally, the approach taken to find attacks is to inspect the contents of every packet. However, packet inspection cannot easily be performed at high speeds. Therefore, researchers and operators started investigating alternative approaches, such as flow-based intrusion detection. In that approach, the flow of data through the network is analyzed instead of the contents of each individual packet. The goal of this paper is to provide a survey of current research in the area of flow-based intrusion detection. The survey starts with a motivation for why flow-based intrusion detection is needed. The concept of flows is explained, and relevant standards are identified. The paper provides a classification of attacks and defense techniques and shows how flow-based techniques can be used to detect scans, worms, botnets and denial-of-service (DoS) attacks.