In this paper, we propose a novel approach to finding and predicting anomalous network states based on a flow monitoring mechanism. We assume that the number of active flows reflects the real network state. Moreover, the dependence between the number of flows and link utilisation allows us to derive an equation for the confidence interval on heavily loaded network links. Experiments have been conducted that confirmed the basic premise of the model and identified the anomalous network states. A software package based on this model has been created that allows the prevention of DDoS attacks. For successful operation of this software, the number of active flows that a single IP address can generate has been analysed.