Gregor Schaffrath's Publications

An Overview of IP Flow-Based Intrusion Detection
Citation key: SSSMPS-OIFBID-10
Author: Sperotto, Anna and Schaffrath, Gregor and Morariu, Cristian and Sadre, Ramin and Pras, Aiko and Stiller, Burkhard
Pages: 343–356
Year: 2010
ISSN: 1553-877X
DOI: http://dx.doi.org/10.1109/SURV.2010.032210.00054
Address: New York, NY, USA
Journal: Communications Surveys and Tutorials
Volume: 12
Number: 3
Publisher: IEEE
Abstract: Intrusion detection is an important area of research. Traditionally, the approach taken to find attacks is to inspect the contents of every packet. However, packet inspection cannot easily be performed at high speeds. Therefore, researchers and operators started investigating alternative approaches, such as flow-based intrusion detection. In that approach the flow of data through the network is analyzed, instead of the contents of each individual packet. The goal of this paper is to provide a survey of current research in the area of flow-based intrusion detection. The survey starts with a motivation why flow-based intrusion detection is needed. The concept of flows is explained, and relevant standards are identified. The paper provides a classification of attacks and defense techniques and shows how flow-based techniques can be used to detect scans, worms, Botnets and Denial of Service (DoS) attacks.