Title
Collaborative Attack Detection in High-Speed Networks
Abstract
We present a multi-agent system designed to detect malicious traffic in high-speed networks. In order to match the performance requirements related to the traffic volume, the network traffic data is acquired by hardware-accelerated probes in NetFlow format and preprocessed before processing by the detection agent. The proposed detection algorithm is based on an extension of trust modeling techniques with representation of uncertain identities, context representation and the implicit assumption that significant traffic anomalies are a result of potentially malicious action. In order to model the traffic, each of the cooperating agents uses an existing anomaly detection method, and their outputs are then correlated using a reputation mechanism. The output of the detection layer is presented to the operator by a dedicated analyst interface agent, which retrieves additional information to facilitate incident analysis. Our performance results illustrate the potential of the combination of high-speed hardware with cooperative detection algorithms and an advanced analyst interface.
Year: 2007
DOI: 10.1007/978-3-540-75254-7_8
Venue: CEEMAS
Keywords: traffic volume, cooperative detection algorithm, significant traffic anomaly, detection agent, detection layer, malicious traffic, advanced analyst interface, proposed detection algorithm, high-speed networks, collaborative attack detection, network traffic data, existing anomaly detection method, anomaly detection, hardware accelerator, multi agent system
Field: Anomaly detection, NetFlow, Computer science, Incident analysis, Multi-agent system, Real-time computing, Operator (computer programming), Traffic volume, Intrusion detection system, Distributed computing, Reputation
DocType: Conference
Volume: 4696
ISSN: 0302-9743
Citations: 2
PageRank: 0.37
References: 10
Authors: 6
Name               Order  Citations  PageRank
Martin Rehak       1      251        28.57
Michal Pěchouček   2      1134       133.88
Pavel Čeleda       3      14         2.96
Vojtech Krmicek    4      47         5.75
Pavel Minarik      5      24         1.97
David Medvigy      6      16         2.32