Publication details

From Signature-Based Towards Behaviour-Based Anomaly Detection

Authors

VYKOPAL Jan, MINAŘÍK Pavel

Year of publication 2010
Type Article in proceedings
Conference RTO-MP-IST-091 PRE-RELEASE: Information Assurance and Cyber Defence
MU Faculty or unit

Institute of Computer Science (Ústav výpočetní techniky)

Citation
www http://ftp.rta.nato.int/public//PubFullText/RTO/MP/RTO-MP-IST-091///MP-IST-091-P02.doc
Field Informatics
Keywords deep packet inspection; network behaviour analysis; cyber attack;
Description Cyber attacks are widespread, and they may even have a serious impact on national security (e.g., in Estonia in 2007 and Georgia in 2008). Computer networks abused for these attacks are getting faster and encrypted. Limitations of current network intrusion detection systems performing deep packet inspection are a) low throughput that is not sufficient for traffic in multigigabit networks and b) inability to process encrypted traffic. A different approach to intrusion detection, network behaviour analysis (NBA), overcomes these limitations. It relies on statistical information about network traffic flows. We present particular examples of NBA in this paper.