M. Rehák, M. Pechoucek, Karel Bartos, Martin Grill, Pavel Čeleda, Vojtech Krmicek
Title: CAMNEP: An intrusion detection system for high-speed networks
DOI: 10.2201/NIIPI.2008.5.7 (https://doi.org/10.2201/NIIPI.2008.5.7)
Journal: Proceedings of the IEEE International Conference on Progress in Informatics and Computing
Volume: 10, Issue 1, page 65
Publication date: 2008-03-01
Publication type: Journal Article
Citation count (Semantic Scholar): 22
CAMNEP: An intrusion detection system for high-speed networks
The presented research aims to detect malicious traffic in high-speed networks by means of correlated anomaly detection methods. In order to acquire real-time traffic statistics in NetFlow format, we deploy transparent inline probes based on FPGA elements. They provide traffic statistics to the agent-based detection layer, where each agent uses a specific anomaly detection method to detect anomalies and describe the flows in its extended trust model. The agents share their anomaly assessments of individual network flows, which are used as input for the agents' trust models. The trustfulness values of individual flows from all agents are combined to estimate their maliciousness. The estimate of trust is subsequently used to filter out the most significant events, which are reported to network operators for further analysis. We argue that the use of a trust model for integrating several anomaly detection methods, together with an efficient representation of history data, will reduce the high rate of false positives (legitimate traffic classified as malicious) that limits the effectiveness of current intrusion detection systems.