Publication details

CAMNEP: Multistage Collective Network Behavior Analysis System with Hardware Accelerated NetFlow Probes

Authors

REHÁK Martin ČELEDA Pavel PĚCHOUČEK Michal NOVOTNÝ Jiří

Year of publication 2009
Type R&D Presentation
MU Faculty or unit

Institute of Computer Science

Citation
Description Current network behavior analysis methods based on anomaly detection approaches suffer from comparatively higher error rate and low performance. We propose a framework system which addresses these issues by (i) using hardware-accelerated probes to collect unsampled NetFlow/IPFIX data from gigabit-speed network links and (ii) combining several anomaly detection algorithms by means of collective trust modeling, a multi-agent data fusion method. The data acquired on the network is preprocessed in the collector database and then passed to several anomaly detection methods to obtain several independent anomaly opinions for each flow. Each of these methods uses a distinct set of aggregate traffic features to determine the anomaly of each flow, which is determined by comparing the observed flows with a method-specific traffic prediction and/or a set of rules. The anomaly data is passed to several trust models to aggregate the current anomalies with past experience. Depending on the specific network, it can remove up to 95 % of false positives.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info