From Signature-Based Towards Behaviour-Based Anomaly Detection

Publication details

Authors	VYKOPAL Jan MINAŘÍK Pavel
Year of publication	2010
Type	Article in Proceedings
Conference	RTO-MP-IST-091 PRE-RELEASE: Information Assurance and Cyber Defence
MU Faculty or unit	Institute of Computer Science
Citation
Web	http://ftp.rta.nato.int/public//PubFullText/RTO/MP/RTO-MP-IST-091///MP-IST-091-P02.doc
Field	Informatics
Keywords	deep packet inspection; network behaviour analysis; cyber attack;
Description	Cyber attacks are widespread and even they may have a serious impact on national security (e. g., in Estonia in 2007 and Georgia in 2008). Computer networks abused for these attacks are getting faster and encrypted. Limitations of current network intrusion detection systems performing deep packet inspection are a) low throughput that is not sufficient for traffic in multitigabit networks and b) inability of processing encrypted traffic. A different aproach to intrusion detection, network behaviour analysis (NBA), overcomes these limitation. It relies on statistics information of network traffic flows. We present particular examples of NBA in this paper.
Related projects:	CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment

10 reasons why you will fall in love with MU