IFIP International Conference on Autonomous Infrastructure, Management and Security

AIMS 2012: Dependable Networks and Services, pp 109–112

Real-Time and Resilient Intrusion Detection: A Flow-Based Approach

  • Rick Hofstede &
  • Aiko Pras

Part of the Lecture Notes in Computer Science book series (LNCCN, volume 7279)

Abstract

Flow-based intrusion detection will play an important role in high-speed networks, due to the stringent performance requirements of packet-based solutions. Flow monitoring technologies, such as NetFlow or IPFIX, aggregate individual packets into flows, requiring new intrusion detection algorithms to deal with the aggregated data. These algorithms are subject to constraints on real-time and accurate detection of intrusions, due to the nature of current flow monitoring technologies. In this paper, we propose a framework for flow-based intrusion detection, aiming to detect intrusions in real-time, and to be resilient against negative effects of attacks on monitoring systems. This research is still in its initial phase and will contribute to a Ph.D. thesis after four years.

Author information

Authors and Affiliations

  1. Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands

    Rick Hofstede & Aiko Pras

Editor information

Editors and Affiliations

  1. Faculty of Electrical Engineering, Mathematics, and Computer Science, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands

    Ramin Sadre

  2. Institute of Computer Science, Masaryk University, Botanická 68a, 602 00, Brno, Czech Republic

    Jiří Novotný & Pavel Čeleda

  3. Institut für Informatik (IFI), Universität Zürich, Binzmühlestraße 14, 8050, Zürich, Switzerland

    Martin Waldburger

  4. Institut für Informatik (IFI), Universität Zürich, Binzmühlestrasse 14, 8050, Zürich, Switzerland

    Burkhard Stiller

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Hofstede, R., Pras, A. (2012). Real-Time and Resilient Intrusion Detection: A Flow-Based Approach. In: Sadre, R., Novotný, J., Čeleda, P., Waldburger, M., Stiller, B. (eds) Dependable Networks and Services. AIMS 2012. Lecture Notes in Computer Science, vol 7279. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30633-4_13

  • DOI: https://doi.org/10.1007/978-3-642-30633-4_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30632-7

  • Online ISBN: 978-3-642-30633-4

  • eBook Packages: Computer Science, Computer Science (R0)
