Real-time analysis of flow data for network attack detection

Gerhard Münz; Georg Carle

doi:10.1109/INM.2007.374774

Real-time analysis of flow data for network attack detection

Gerhard Münz, Georg Carle

University of Tübingen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

52 Scopus citations

Abstract

With the wide deployment of flow monitoring in IP networks, the analysis of the exported flow data has become an important research area. It has been shown that flow data can be used to detect traffic anomalies, DoS attacks, and the propagation of worms. In practice, anomalies and attacks should be detected as fast as possible in order to allow taking appropriate countermeasures. We describe the necessary steps from the raw flow data to the detection result in a systematic way. Furthermore, we present TOPAS, a system and framework for real-time analysis of flow data, that has been developed in order to meet these requirements. Performance measurements and various application examples point out the capabilities and benefits of our approach.

Original language	English
Title of host publication	10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07
Pages	100-108
Number of pages	9
DOIs	https://doi.org/10.1109/INM.2007.374774
State	Published - 2007
Externally published	Yes
Event	10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07 - Munich, Germany Duration: 21 May 2007 → 25 May 2007

Publication series

Name	10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07

Conference

Conference	10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07
Country/Territory	Germany
City	Munich
Period	21/05/07 → 25/05/07

Keywords

Anomaly and attack detection
Flow analysis
Network monitoring

Access to Document

10.1109/INM.2007.374774

Cite this

@inproceedings{012a7dde171640338f27af7019c35e42,

title = "Real-time analysis of flow data for network attack detection",

abstract = "With the wide deployment of flow monitoring in IP networks, the analysis of the exported flow data has become an important research area. It has been shown that flow data can be used to detect traffic anomalies, DoS attacks, and the propagation of worms. In practice, anomalies and attacks should be detected as fast as possible in order to allow taking appropriate countermeasures. We describe the necessary steps from the raw flow data to the detection result in a systematic way. Furthermore, we present TOPAS, a system and framework for real-time analysis of flow data, that has been developed in order to meet these requirements. Performance measurements and various application examples point out the capabilities and benefits of our approach.",

keywords = "Anomaly and attack detection, Flow analysis, Network monitoring",

author = "Gerhard M{\"u}nz and Georg Carle",

year = "2007",

doi = "10.1109/INM.2007.374774",

language = "English",

isbn = "1424407990",

series = "10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07",

pages = "100--108",

booktitle = "10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07",

note = "10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07 ; Conference date: 21-05-2007 Through 25-05-2007",

}

Münz, G & Carle, G 2007, Real-time analysis of flow data for network attack detection. in 10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07., 4258526, 10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07, pp. 100-108, 10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07, Munich, Germany, 21/05/07. https://doi.org/10.1109/INM.2007.374774

Real-time analysis of flow data for network attack detection. / Münz, Gerhard; Carle, Georg.
10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07. 2007. p. 100-108 4258526 (10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Real-time analysis of flow data for network attack detection

AU - Münz, Gerhard

AU - Carle, Georg

PY - 2007

Y1 - 2007

N2 - With the wide deployment of flow monitoring in IP networks, the analysis of the exported flow data has become an important research area. It has been shown that flow data can be used to detect traffic anomalies, DoS attacks, and the propagation of worms. In practice, anomalies and attacks should be detected as fast as possible in order to allow taking appropriate countermeasures. We describe the necessary steps from the raw flow data to the detection result in a systematic way. Furthermore, we present TOPAS, a system and framework for real-time analysis of flow data, that has been developed in order to meet these requirements. Performance measurements and various application examples point out the capabilities and benefits of our approach.

AB - With the wide deployment of flow monitoring in IP networks, the analysis of the exported flow data has become an important research area. It has been shown that flow data can be used to detect traffic anomalies, DoS attacks, and the propagation of worms. In practice, anomalies and attacks should be detected as fast as possible in order to allow taking appropriate countermeasures. We describe the necessary steps from the raw flow data to the detection result in a systematic way. Furthermore, we present TOPAS, a system and framework for real-time analysis of flow data, that has been developed in order to meet these requirements. Performance measurements and various application examples point out the capabilities and benefits of our approach.

KW - Anomaly and attack detection

KW - Flow analysis

KW - Network monitoring

UR - http://www.scopus.com/inward/record.url?scp=34748852070&partnerID=8YFLogxK

U2 - 10.1109/INM.2007.374774

DO - 10.1109/INM.2007.374774

M3 - Conference contribution

AN - SCOPUS:34748852070

SN - 1424407990

SN - 9781424407996

T3 - 10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07

SP - 100

EP - 108

BT - 10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07

T2 - 10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07

Y2 - 21 May 2007 through 25 May 2007

ER -

Real-time analysis of flow data for network attack detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this