Abstract
Computers and network services have become a guaranteed presence in many places. This has led to a growth in illicit events, and computer and network security has therefore become essential in any computing environment. Many methodologies have been created to identify these events; however, with the increasing number of users and services on the Internet, monitoring a large network environment presents many difficulties. This paper proposes a methodology for event detection in large-scale networks. The proposal approaches anomaly detection using the NetFlow protocol, statistical methods, and monitoring of the environment in the best time for the application.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Proto, A., Alexandre, L.A., Batista, M.L., Oliveira, I.L., Cansian, A.M. (2010). Statistical Model Applied to NetFlow for Network Intrusion Detection. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science XI. Lecture Notes in Computer Science, vol 6480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17697-5_9
DOI: https://doi.org/10.1007/978-3-642-17697-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17696-8
Online ISBN: 978-3-642-17697-5
eBook Packages: Computer Science (R0)