Internet Archive Scholar

6. 08102 Working Group – Requirements for Network Monitoring from an IDS Perspective

Lothar Braun, Falko Dressler, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Tobias Limmer, Konrad Rieck, James Sterbenz, Georg Carle, Richard A. Kemmerer, Hartmut König
2008

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (30.7 kB)
https://web.archive.org/web/20170813140732/http://drops.dagstuhl.de/opus/volltexte/2008/1497/pdf/08102.SWM.Paper.1497.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Detection of malicious traffic is based on its input data, the information that is co-ming from network-based monitoring systems. Best detection rates would only be possible by monitoring all data transferred over all network lines in a distributed net-work. Monitoring and reporting this amount of data are feasible in neither today's, nor will be in future's systems. Later analysis like stateful inspection of the traffic imposes even more processing costs. But only at this level of monitoring
more » ... d analysis there may be a chance to capture all attacks inside a system. So there needs to be a trade-off between detection success and the processing costs.
doi:10.4230/dagsemproc.08102.6 fatcat:tf76l6jcerh5bonrb3uwkripqe
Citation

Lothar Braun, Falko Dressler, Thorsten Holz, Engin Kirda, Jan Kohlrausch, Christopher Kruegel, Tobias Limmer, Konrad Rieck, James Sterbenz, Georg Carle, Richard A. Kemmerer, Hartmut König. "6. 08102 Working Group – Requirements for Network Monitoring from an IDS Perspective." (2008)