- Title
- A netFlow scoring framework for incident detection
- Creator
- Sweeney, Michael, Irwin, Barry V W
- Date
- 2017
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/428301
- Identifier
- vital:72501
- Identifier
- https://researchspace.csir.co.za/dspace/bitstream/handle/10204/9693/Sweeney_19662_2017.pdf?sequence=1andisAllowed=y
- Description
- As networks have grown, so has the data available for monitoring and security purposes. This increase in volume has raised significant challenges for administrators in terms of how to identify threats in amongst the large volumes of network traffic, a large part of which is often background noise. In this paper we propose a framework for scoring and coding NetFlow data with security related information. The scores and codes are added through the application of a series of independent tests, each of which may flag some form of suspicious behaviour. The cumulative effect of the scoring and coding raises the more serious potential threats to the fore, allowing for quick and effective investigation or action. The framework is presented along with a description of an implementation and some findings that uncover potentially malicious network traffic.
- Format
- 5 pages, pdf
- Language
- English
- Relation
- Proceedings of Southern African Telecommunication Networks and Applications Conference (SATNAC), Sweeney, M. and Irwin, B.V., 2017. A netFlow scoring framework for incident detection. In Southern Africa Telecommunication Networks and Applications Conference (SATNAC) (pp. 228-235), Proceedings of Southern African Telecommunication Networks and Applications Conference (SATNAC) volume 2017 number 1 1 5 2017 Conference
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the Southern Africa Telecommunication Networks and Applications Conference (SATNAC) Statement (https://www.satnac.org.za/)
File | Description | Size | Format |
---|---|---|---|
SOURCE1 | A netFlow scoring framework for incident detection.pdf | 96 KB | Adobe Acrobat PDF |