Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection [chapter]

Gregor Schaffrath, Burkhard Stiller
2008 Lecture Notes in Computer Science  
Network-based Intrusion Detection Systems aim at the detection of malicious activities by an inspection of network traffic. Since network link speeds and traffic volume grew over the last years, payload-based analysis became difficult, leading to the development of alternative approaches for flow-based analysis. Although each approach alone suffers a set of drawbacks, a few experiments with hybrid approaches show potential for synergies. This work analyses these drawbacks in order to develop a
... nceptual framework for hybrid approaches, integrating the two concepts in a fashion to compensate for their respective weaknesses proposed.
doi:10.1007/978-3-540-70587-1_17 fatcat:2vzbro5t55fppl3xnxfenxmm7e