Article: Collaborative approach to network behaviour analysis based on hardware-accelerated FlowMon probes Journal: International Journal of Electronic Security and Digital Forensics (IJESDF) 2009 Vol.2 No.1 pp.35 - 48 Abstract: Network behaviour analysis techniques are designed to detect intrusions and other undesirable behaviour in computer networks by analysing the traffic statistics. We present an efficient framework for integration of anomaly detection algorithms working on the identical input data. This framework is based on high-speed network traffic acquisition subsystem and on trust modelling, a well-established set of techniques from the multi-agent system field. Trust-based integration of algorithms results in classification with lower error rate, especially in terms of false positives. The presented system is suitable for both online and offline processing, and introduces a relatively low computational overhead compared to deployment of isolated anomaly detection algorithms. Inderscience Publishers - linking academia, business and industry through research

Title: Collaborative approach to network behaviour analysis based on hardware-accelerated FlowMon probes

Authors: Martin Rehak, Michal Pechoucek, Martin Grill, Karel Bartos, Vojtech Krmicek, Pavel Celeda

Addresses: Department of Cybernetics and Center for Applied Cybernetics, Faculty of Electrical Engineering, Czech Technical University, Technicka 2, Prague 166 27, Czech Republic. ' Department of Cybernetics and Center for Applied Cybernetics, Faculty of Electrical Engineering, Czech Technical University, Technicka 2, Prague 166 27, Czech Republic. ' CESNET, z. s. p. o., Zikova 4, Prague 160 00, Czech Republic. ' CESNET, z. s. p. o., Zikova 4, Prague 160 00, Czech Republic. ' CESNET, z. s. p. o., Zikova 4, Prague 160 00, Czech Republic. ' Institute of Computer Science, Masaryk University, Botanicka 68a, Brno 602 00, Czech Republic

Abstract: Network behaviour analysis techniques are designed to detect intrusions and other undesirable behaviour in computer networks by analysing the traffic statistics. We present an efficient framework for integration of anomaly detection algorithms working on the identical input data. This framework is based on high-speed network traffic acquisition subsystem and on trust modelling, a well-established set of techniques from the multi-agent system field. Trust-based integration of algorithms results in classification with lower error rate, especially in terms of false positives. The presented system is suitable for both online and offline processing, and introduces a relatively low computational overhead compared to deployment of isolated anomaly detection algorithms.

Keywords: hardware acceleration; knowledge fusion; multi-agent intrusion detection; network behaviour analysis; network intrusion detection; network security; trust modelling; high-speed network traffic acquisition; multi-agent systems; MAS; agent-based systems.

DOI: 10.1504/IJESDF.2009.023874

International Journal of Electronic Security and Digital Forensics, 2009 Vol.2 No.1, pp.35 - 48

Published online: 17 Mar 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Collaborative approach to network behaviour analysis based on hardware-accelerated FlowMon probes

Keep up-to-date