Network Attack Detection at Flow Level

  • Conference paper
Smart Spaces and Next Generation Wired/Wireless Networking (ruSMART 2011, NEW2AN 2011)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 6869)

Abstract

In this paper, we propose a new method for detecting unauthorized network intrusions, based on a traffic flow model and the application of the Cisco NetFlow protocol. The method allows us not only to detect the most common types of network attack (DDoS and port scanning), but also to compile a list of the trespassers’ IP addresses. It can therefore be applied in intrusion detection systems and in systems that block these IP addresses.

This work was submitted as part of NPRIR 01200964488.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Galtsev, A.A., Sukhov, A.M. (2011). Network Attack Detection at Flow Level. In: Balandin, S., Koucheryavy, Y., Hu, H. (eds) Smart Spaces and Next Generation Wired/Wireless Networking. ruSMART 2011, NEW2AN 2011. Lecture Notes in Computer Science, vol 6869. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22875-9_30

  • DOI: https://doi.org/10.1007/978-3-642-22875-9_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22874-2

  • Online ISBN: 978-3-642-22875-9

  • eBook Packages: Computer Science (R0)
