Tool for anomalies detection in the behaviour of the device profiles on the network

Publication details

Authors	DOSOUDIL Jan MINAŘÍK Pavel
Year of publication	2011
MU Faculty or unit	Institute of Computer Science
Web	Webová stránka s instalačním balíčkem
Description	Anomaly detection tool based on network behavior profiles is a set of specialized scripts to transform NetFlow statistics and process them as time series. First a behavior profiles for set of IP addresses are created using nfdump tools. The subsequent processing is performed in system R using Holt-Winters data analysis method. In case of anomaly detection an event is generated and stored in specified log file. The anomaly detection tool also includes connector to use pre-computed behavior profiles stored in relational database.
Related projects:	CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment

10 reasons why you will fall in love with MU