Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

Flow-based intrusion detection will play an important role in high-speed networks, because packet-based solutions face stringent performance requirements there. Flow monitoring technologies such as NetFlow or IPFIX aggregate individual packets into flows, so new intrusion detection algorithms are required to work on the aggregated data. Because of the nature of current flow monitoring technologies, these algorithms are subject to constraints on both the real-time and the accurate detection of intrusions. In this paper, we propose a framework for flow-based intrusion detection that aims to detect intrusions in real time and to be resilient against the negative effects that attacks have on the monitoring systems themselves. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years.
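
The abstract says that flow exporters aggregate packets into flows and that detection then has to work on the aggregated records rather than on packets. The following is an added example, not code from the paper or from any NetFlow/IPFIX implementation: it builds flow records keyed by the 5-tuple from a constructed packet stream, expiring them with assumed idle and active timeouts in the style of a flow cache, and then runs a small flow-based detector that only sees the features a flow record carries (packet and byte counts, cumulative TCP flags, timestamps) and never a payload. All addresses, ports and timeouts are constructed sample values.

```python
"""Added example: 5-tuple flow aggregation plus a flow-level detector.
Not the paper's code; packet data and thresholds below are constructed."""
from collections import defaultdict
from dataclasses import dataclass

IDLE_TIMEOUT = 15.0     # assumed: seconds without a packet before a flow is exported
ACTIVE_TIMEOUT = 300.0  # assumed: maximum lifetime before a flow is force-exported
SYN = 0x02
ACK = 0x10


@dataclass
class Flow:
    key: tuple            # (src, dst, sport, dport, proto)
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0
    tcp_flags: int = 0    # OR of all TCP flags seen, as NetFlow/IPFIX export it


def aggregate(packets, idle_timeout=IDLE_TIMEOUT, active_timeout=ACTIVE_TIMEOUT):
    """Turn a time-ordered packet stream into exported flow records.

    Each packet is a dict with ts, src, dst, sport, dport, proto, length, flags.
    A flow is exported when a packet for its key arrives after the idle
    timeout or beyond the active timeout (a real exporter also sweeps the
    cache on a timer), and every remaining flow is exported at end of input.
    """
    active = {}
    exported = []
    for p in packets:
        key = (p["src"], p["dst"], p["sport"], p["dport"], p["proto"])
        f = active.get(key)
        if f is not None and (p["ts"] - f.last_seen > idle_timeout
                              or p["ts"] - f.first_seen > active_timeout):
            exported.append(active.pop(key))   # expire and start a fresh record
            f = None
        if f is None:
            f = Flow(key=key, first_seen=p["ts"], last_seen=p["ts"])
            active[key] = f
        f.packets += 1
        f.bytes += p["length"]
        f.tcp_flags |= p.get("flags", 0)
        f.last_seen = p["ts"]
    exported.extend(active.values())
    return exported


def detect_scanners(flows, min_targets=5):
    """Flow-level heuristic: a source producing many single-packet, SYN-only
    TCP flows to distinct (host, port) pairs is reported with its target count.
    Only flow record fields are used; there is no payload to inspect."""
    targets = defaultdict(set)
    for f in flows:
        src, dst, sport, dport, proto = f.key
        if proto == 6 and f.packets == 1 and f.tcp_flags == SYN:
            targets[src].add((dst, dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def sample_packets():
    """Constructed packet stream: one benign client/server flow, the same
    5-tuple reused after a long gap, and a burst of lone SYNs to 8 ports."""
    pkts = []
    for i, flags in enumerate([SYN, ACK, ACK, ACK]):
        pkts.append(dict(ts=1.0 + i * 0.1, src="10.0.0.5", dst="192.0.2.10",
                         sport=40000, dport=80, proto=6, length=60 + i * 100, flags=flags))
    # same 5-tuple again after ~99 s of silence -> exporter emits a second record
    pkts.append(dict(ts=100.0, src="10.0.0.5", dst="192.0.2.10",
                     sport=40000, dport=80, proto=6, length=60, flags=ACK))
    for i in range(8):
        pkts.append(dict(ts=5.0 + i * 0.01, src="10.0.0.99", dst="192.0.2.10",
                         sport=50000 + i, dport=20 + i, proto=6, length=60, flags=SYN))
    pkts.sort(key=lambda p: p["ts"])
    return pkts


if __name__ == "__main__":
    records = aggregate(sample_packets())
    for r in records:
        print(r.key, r.packets, r.bytes, hex(r.tcp_flags))
    print("flagged:", detect_scanners(records))
```

The idle-timeout split of the reused 5-tuple into two records is the kind of effect the abstract alludes to: the detector sees records, not sessions, and an attack on the exporter (for example exhausting its flow cache so records are exported early or dropped) changes what the detector sees.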