Abstract
Flow-based intrusion detection will play an important role in high-speed networks, due to the stringent performance requirements of packet-based solutions. Flow monitoring technologies, such as NetFlow or IPFIX, aggregate individual packets into flows, requiring new intrusion detection algorithms to deal with the aggregated data. These algorithms are subject to constraints on real-time and accurate detection of intrusions, due to the nature of current flow monitoring technologies. In this paper, we propose a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years.
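To make concrete what "aggregating individual packets into flows" means for a detector, here is a small added example (not code from the paper or its authors). It builds a NetFlow-style flow cache keyed on the 5-tuple with active and inactive timeouts, then runs a simple detector over the exported flow records rather than over packets. The packet trace, the timeout values and the port-scan heuristic are all constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# A packet record as a probe might hand it over:
# (timestamp, src, dst, sport, dport, proto, length). Constructed format.
Packet = Tuple[float, str, str, int, int, int, int]


@dataclass(frozen=True)
class FlowKey:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int


@dataclass
class Flow:
    key: FlowKey
    start: float
    end: float
    packets: int = 0
    octets: int = 0


def aggregate(packets: List[Packet], active_timeout: float = 120.0,
              inactive_timeout: float = 15.0) -> List[Flow]:
    """Aggregate packets into unidirectional 5-tuple flows, NetFlow-style.

    A flow is exported when it has been idle longer than inactive_timeout or
    has lived longer than active_timeout (assumed values; real exporters make
    these configurable). Flows still in the cache are flushed at the end.
    """
    cache: Dict[FlowKey, Flow] = {}
    exported: List[Flow] = []
    for ts, src, dst, sport, dport, proto, length in sorted(packets, key=lambda p: p[0]):
        key = FlowKey(src, dst, sport, dport, proto)
        flow = cache.get(key)
        if flow is not None and (ts - flow.end > inactive_timeout
                                 or ts - flow.start > active_timeout):
            # Expire the old record; this packet starts a fresh flow.
            exported.append(cache.pop(key))
            flow = None
        if flow is None:
            flow = cache[key] = Flow(key, start=ts, end=ts)
        flow.packets += 1
        flow.octets += length
        flow.end = ts
    exported.extend(cache.values())
    return exported


def detect_port_scans(flows: List[Flow], min_ports: int = 5) -> Dict[Tuple[str, str], int]:
    """Flow-level heuristic (assumed, for illustration): a source that opens
    many tiny flows to distinct destination ports on one host is reported,
    with the number of distinct ports it touched."""
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for f in flows:
        if f.packets <= 2:  # scan probes leave one- or two-packet flows
            ports[(f.key.src, f.key.dst)].add(f.key.dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def sample_packets() -> List[Packet]:
    """Constructed trace: one benign HTTP session that pauses long enough to be
    split by the inactive timeout, plus a host probing eight ports on a server."""
    benign = [
        (0.0, "10.0.0.5", "192.0.2.10", 51000, 80, 6, 60),
        (0.5, "10.0.0.5", "192.0.2.10", 51000, 80, 6, 1400),
        (1.0, "10.0.0.5", "192.0.2.10", 51000, 80, 6, 60),
        (30.0, "10.0.0.5", "192.0.2.10", 51000, 80, 6, 60),  # idle 29 s -> new flow
    ]
    probes = [
        (5.0 + 0.1 * i, "10.0.0.9", "192.0.2.10", 40000 + i, dport, 6, 44)
        for i, dport in enumerate([21, 22, 23, 25, 80, 110, 143, 443])
    ]
    return benign + probes


if __name__ == "__main__":
    flows = aggregate(sample_packets())
    for f in flows:
        print(f"{f.key.src}:{f.key.sport} -> {f.key.dst}:{f.key.dport} "
              f"pkts={f.packets} octets={f.octets} dur={f.end - f.start:.1f}s")
    print("suspected scanners:", detect_port_scans(flows))
```

The detector never sees packet payloads or inter-packet timing, only the counters that survive aggregation, which is exactly the constraint the abstract points to. Note also that each probe packet becomes its own flow record: a flood of such packets inflates the flow cache and the export volume, which is the kind of pressure on the monitoring system that a resilient design has to account for.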
© 2012 IFIP International Federation for Information Processing
Cite this paper
Hofstede, R., Pras, A. (2012). Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. In: Sadre, R., Novotný, J., Čeleda, P., Waldburger, M., Stiller, B. (eds) Dependable Networks and Services. AIMS 2012. Lecture Notes in Computer Science, vol 7279. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30633-4_13
DOI: https://doi.org/10.1007/978-3-642-30633-4_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30632-7
Online ISBN: 978-3-642-30633-4
eBook Packages: Computer Science (R0)