Abstract
|
Traditional Network Intrusion Detection Systems (NIDSs) inspect the payload of the packets looking for known intrusion signatures or deviations from normal behavior, but inspecting traffic at the current speed of Internet Service Provider (ISP) networks is difficult or even unfeasible. This paper presents an approach to detect malicious traffic and identify malicious hosts by inspecting flows, leveraging a combination of unsupervised machine learning and threat intelligence, without requiring either previous knowledge about attacks or traffic without attacks. The approach was implemented in the FlowHacker NIDS and evaluated with two kinds of traffic flows: synthetic traffic flows and real ISP traffic flows.
|
Author
|
Luis Sacramento, Ibéria Medeiros, João Bota, Miguel Correia
|
Booktitle
|
Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) +
|
Key
|
Sacramento TrustCom 2018 +
|
Month
|
jul +
|
NumPubDate
|
2,018.07 +
|
Project
|
Project:DiSIEM +
|
ResearchLine
|
Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
|
Title
|
FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data using Network Flows +
|
Type
|
inproceedings +
|
Year
|
2018 +
|
Has improper value for
|
Url +
|
Categories |
Publication +
|
Modification date
|
10 June 2018 12:18:37 +
|