Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks
نویسندگان
چکیده
While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to present the visual analysis system NFlowVis to interactively detect unwanted usage of the network infrastructure either by pivoting NetFlows using IDS alerts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of NetFlows by means of a database management system.
منابع مشابه
Internet Security Visualization Case Study: Instrumenting a Network for NetFlow Security Visualization Tools
With the development of the Internet and organizational intranets, it has become an increasingly critical and difficult task to monitor large and complex networks indispensable to security risk management and network performance analysis. Monitoring for security situational awareness with visualization has been shown to be an effective and efficient approach. However, the quality of source data...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملراهکار ترکیبی نوین جهت تشخیص نفوذ در شبکههای کامپیوتری با استفاده از الگوریتم-های هوش محاسباتی
In this paper, a novel hybrid method is proposed for intrusion detection in computer networks using combination of misuse-based and anomaly-based detection models with the aim of performance improvement. In the proposed hybrid approach, a set of algorithms and models is employed. The selection of input features is performed using shuffled frog-leaping (SFL) algorithm. The misuse detection modul...
متن کاملDDoS Detection with Information Theory Metrics and Netflows - A Real Case
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) constitute one of the main issues for critical Internet services. The widespread availability and simplicity of automated stressing tools has also promoted the voluntary participation to extensive attacks against known websites. Today the most effective (D)DoS detection schemes are based on information theory metrics, but their ef...
متن کاملAdaptive Real-Time Anomaly Detection with Fast Indexing and Ability to Forget
Anomaly detection in IP networks, detection of deviations from what is considered normal, is an important complement to misuse detection based on known attack descriptions. Performing anomaly detection in real-time places hard requirements on the algorithms used. First, to deal with the massive data volumes one needs to have efficient data structures and indexing mechanisms. Secondly, the dynam...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009