Not logged in.
Quick Search - Contribution
Contribution Details
| Type | Journal Article |
| Scope | Discipline-based scholarship |
| Title | An overview of IP flow-based intrusion detection |
| Organization Unit | |
| Authors |
|
| Item Subtype | Original Work |
| Refereed | Yes |
| Status | Published in final form |
| Language |
|
| Journal Title | IEEE Communications Surverys and Tutorials |
| Publisher | IEEE |
| Geographical Reach | international |
| ISSN | 1553-877X |
| Volume | 12 |
| Number | 3 |
| Page Range | 343 - 356 |
| Date | 2010 |
| Abstract Text | Intrusion detection is an important area of research. Traditionally, the approach taken to find attacks is to inspect the contents of every packet. However, packet inspection cannot easily be performed at high-speeds. Therefore, researchers and operators started investigating alternative approaches, such as flow-based intrusion detection. In that approach the flow of data through the network is analyzed, instead of the contents of each individual packet. The goal of this paper is to provide a survey of current research in the area of flow-based intrusion detection. The survey starts with a motivation why flow-based intrusion detection is needed. The concept of flows is explained, and relevant standards are identified. The paper provides a classification of attacks and defense techniques and shows how flow-based techniques can be used to detect scans, worms, Botnets and {dos} (DoS) attacks. |
| Digital Object Identifier | 10.1109/SURV.2010.032210.00054 |
| Other Identification Number | merlin-id:104 |
| PDF File |
Download from ZORA
|
| Export |
BibTeX
EP3 XML (ZORA)
|
| Additional Information | © 2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. |