Network attack detection at flow level
Aleksey A. Galtsev, Andrei M. Sukhov

TL;DR
This paper introduces a flow-based network attack detection method utilizing Cisco NetFlow, capable of identifying common attacks like DDoS and port scanning, and listing malicious IP addresses for intrusion response.
Contribution
The paper presents a novel flow-level detection approach that integrates with intrusion systems to identify and list attack sources, enhancing network security measures.
Findings
Effective detection of DDoS and port scanning attacks
Ability to identify and list malicious IP addresses
Applicable in intrusion detection and IP blocking systems
Abstract
In this paper, we propose a new method for detecting unauthorized network intrusions, based on a traffic flow model and the Cisco NetFlow protocol. The method allows us not only to detect the most common types of network attacks (DDoS and port scanning), but also to compile a list of the trespassers' IP addresses. Therefore, this method can be applied in intrusion detection systems, and in systems that block these IP addresses.
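The abstract describes detection at the flow level: NetFlow records expose who talked to whom, on which port, and with how many packets, and from that alone a port scan (one source touching many ports on one host with tiny flows) and a DDoS flood (many sources hitting one target with tiny flows) both stand out, and the offending source addresses can be listed for blocking. The example below is an added illustration of that idea, not the paper's own method or code: the `Flow` record, the thresholds (`min_ports`, `min_sources`, `max_packets`) and the sample flows are all constructed assumptions chosen to show the two patterns side by side.

```python
"""Flow-level detection of port scans and DDoS-like floods over NetFlow-style
records. Added example; thresholds and sample data are illustrative assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """A minimal NetFlow v5-style record (only the fields this example uses)."""
    src: str
    dst: str
    dport: int
    proto: int      # 6 = TCP, 17 = UDP
    packets: int
    octets: int


def detect_port_scans(flows: List[Flow], min_ports: int = 20,
                      max_packets: int = 3) -> Set[str]:
    """Sources that touched at least `min_ports` distinct destination ports on a
    single host using tiny flows (at most `max_packets` packets each)."""
    ports_per_pair: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for f in flows:
        if f.packets <= max_packets:
            ports_per_pair[(f.src, f.dst)].add(f.dport)
    return {src for (src, _dst), ports in ports_per_pair.items()
            if len(ports) >= min_ports}


def detect_ddos(flows: List[Flow], min_sources: int = 50,
                max_packets: int = 3) -> Dict[str, Set[str]]:
    """Map victim host -> set of source IPs for every (dst, dport) that receives
    tiny flows from at least `min_sources` distinct sources."""
    sources_per_target: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for f in flows:
        if f.packets <= max_packets:
            sources_per_target[(f.dst, f.dport)].add(f.src)
    victims: Dict[str, Set[str]] = {}
    for (dst, _dport), srcs in sources_per_target.items():
        if len(srcs) >= min_sources:
            victims.setdefault(dst, set()).update(srcs)
    return victims


def offending_ips(flows: List[Flow]) -> List[str]:
    """Sorted union of scanner and flood sources: the block list the abstract
    refers to. Sorting keeps the output stable for diffing between runs."""
    scanners = detect_port_scans(flows)
    flooders: Set[str] = set().union(*detect_ddos(flows).values())
    return sorted(scanners | flooders)


def sample_flows() -> List[Flow]:
    """Constructed flow records: one benign session, one port scan, one flood."""
    flows: List[Flow] = []
    # Benign: a workstation fetching a page over HTTPS (large, long-lived flow).
    flows.append(Flow("10.0.0.5", "10.0.0.80", 443, 6, 120, 85000))
    # Port scan: one source probes ports 1..40 on one host with 1-packet flows.
    for port in range(1, 41):
        flows.append(Flow("203.0.113.7", "10.0.0.80", port, 6, 1, 40))
    # Flood: 60 distinct sources each send a 1-packet UDP flow to port 53.
    for i in range(60):
        flows.append(Flow(f"198.51.100.{i + 1}", "10.0.0.53", 53, 17, 1, 60))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("scanners:", detect_port_scans(flows))
    for victim, srcs in detect_ddos(flows).items():
        print(f"flood target {victim}: {len(srcs)} sources")
    print("block list size:", len(offending_ips(flows)))
```

Both detectors key on the same property of flow data, namely the number of distinct peers per (source, destination) or (destination, port) pair for short flows, which is why they need no packet payload at all. In practice the thresholds would be tuned per network and evaluated over a time window, since a large NAT or a busy DNS resolver can legitimately show many distinct peers.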
