摘要:The presented research aims to detect malicious traffic in high-speed networks by means of correlated anomaly detection methods. In order to acquire the real-time traffic statistics in NetFlow format, we deploy transparent inline probes based on FPGA elements. They provide traffic statistics to the agent-based detection layer, where each agent uses a specific anomaly detection method to detect anomalies and describe the flows in its extended trust model. The agents share the anomaly assessments of individual network flows that are used as an input for the agent's trust models. The trustfulness values of individual flows from all agents are combined to estimate their maliciousness. The estimate of trust is subsequently used to filter out the most significant events that are reported to network operators for further analysis. We argue that the use of trust model for integration of several anomaly detection methods and efficient representation of history data shall reduce the high rate of false positives (legitimate traffic classified as malicious) which limits the effectiveness of current intrusion detection systems.
Loading...
