License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/DagSemProc.08102.6
URN: urn:nbn:de:0030-drops-14970
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2008/1497/
Go to the corresponding Portal

Braun, Lothar ; Dressler, Falko ; Holz, Thorsten ; Kirda, Engin ; Kohlrausch, Jan ; Kruegel, Christopher ; Limmer, Tobias ; Rieck, Konrad ; Sterbenz, James

6. 08102 Working Group -- Requirements for Network Monitoring from an IDS Perspective

pdf-format:
08102.SWM.Paper.1497.pdf (0.03 MB)

Abstract

Detection of malicious traffic is based on its input data, the information that is co-ming from network-based monitoring systems. Best detection rates would only be possible by monitoring all data transferred over all network lines in a distributed net-work. Monitoring and reporting this amount of data are feasible in neither today's, nor will be in future's systems. Later analysis like stateful inspection of the traffic imposes even more processing costs. But only at this level of monitoring and analysis there may be a chance to capture all attacks inside a system. So there needs to be a trade-off between detection success and the processing costs.

BibTeX - Entry

@InProceedings{braun_et_al:DagSemProc.08102.6,
  author =	{Braun, Lothar and Dressler, Falko and Holz, Thorsten and Kirda, Engin and Kohlrausch, Jan and Kruegel, Christopher and Limmer, Tobias and Rieck, Konrad and Sterbenz, James},
  title =	{{6. 08102 Working Group – Requirements for Network Monitoring from an IDS Perspective}},
  booktitle =	{Perspectives Workshop: Network Attack Detection and Defense},
  pages =	{1--4},
  series =	{Dagstuhl Seminar Proceedings (DagSemProc)},
  ISSN =	{1862-4405},
  year =	{2008},
  volume =	{8102},
  editor =	{Georg Carle and Falko Dressler and Richard A. Kemmerer and Hartmut K\"{o}nig and Christopher Kruegel},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2008/1497},
  URN =		{urn:nbn:de:0030-drops-14970},
  doi =		{10.4230/DagSemProc.08102.6},
  annote =	{Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma network monitoring, flow analysis, denial of service detection and response, event correlation}
}

Keywords: Intrusion detection and prevention, attack response and countermeasures, reactive security, automated security, survivability and self-protection, ma
Freie Schlagwörter (deutsch): network monitoring, flow analysis, denial of service detection and response, event correlation
Collection: 08102 - Perspectives Workshop: Network Attack Detection and Defense
Issue Date: 2008
Date of publication: 20.05.2008

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI