“FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data using Network Flows”

Luis Sacramento, Ibéria Medeiros, João Bota, Miguel Correia

in Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Jul. 2018.

Abstract: Traditional Network Intrusion Detection Systems (NIDSs) inspect packet payloads looking for known intrusion signatures or for deviations from normal behavior, but inspecting traffic at the current speed of Internet Service Provider (ISP) networks is difficult or even infeasible. This paper presents an approach to detect malicious traffic and identify malicious hosts by inspecting flows, leveraging a combination of unsupervised machine learning and threat intelligence, without requiring either prior knowledge about attacks or attack-free training traffic. The approach was implemented in the FlowHacker NIDS and evaluated with two kinds of traffic flows: synthetic traffic flows and real ISP traffic flows.

Project(s): Project:DiSIEM

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
