Collaborative approach to network behaviour analysis based on hardware-accelerated FlowMon probes
Online publication date: Tue, 17-Mar-2009
by Martin Rehak, Michal Pechoucek, Martin Grill, Karel Bartos, Vojtech Krmicek, Pavel Celeda
International Journal of Electronic Security and Digital Forensics (IJESDF), Vol. 2, No. 1, 2009
Abstract: Network behaviour analysis techniques are designed to detect intrusions and other undesirable behaviour in computer networks by analysing the traffic statistics. We present an efficient framework for integration of anomaly detection algorithms working on the identical input data. This framework is based on a high-speed network traffic acquisition subsystem and on trust modelling, a well-established set of techniques from the multi-agent system field. Trust-based integration of algorithms results in classification with a lower error rate, especially in terms of false positives. The presented system is suitable for both online and offline processing, and introduces a relatively low computational overhead compared to deployment of isolated anomaly detection algorithms.