From Signature-Based Towards Behaviour-Based Anomaly Detection

Authors

VYKOPAL Jan MINAŘÍK Pavel

Year of publication 2010
Type Article in Proceedings
Conference RTO-MP-IST-091 PRE-RELEASE: Information Assurance and Cyber Defence
MU Faculty or unit

Institute of Computer Science

Citation
Web http://ftp.rta.nato.int/public//PubFullText/RTO/MP/RTO-MP-IST-091///MP-IST-091-P02.doc
Field Informatics
Keywords deep packet inspection; network behaviour analysis; cyber attack
Description Cyber attacks are widespread and may even have a serious impact on national security (e.g., in Estonia in 2007 and Georgia in 2008). Computer networks abused for these attacks are becoming faster and encrypted. The limitations of current network intrusion detection systems performing deep packet inspection are a) low throughput that is insufficient for traffic in multigigabit networks and b) the inability to process encrypted traffic. A different approach to intrusion detection, network behaviour analysis (NBA), overcomes these limitations. It relies on statistical information about network traffic flows. We present particular examples of NBA in this paper.