Network Anomaly Detection: Flow-based or Packet-based Approach - Computer Science > Networking and Internet Architecture





Abstract: One of the most critical tasks for a network administrator is to ensure system uptime and availability. For network security, anomaly detection systems, along with firewalls and intrusion prevention systems, are must-have tools. So far in the field of network anomaly detection, people have been working on two different approaches. One is flow-based, which usually relies on network elements to make so-called flow information available for analysis. The second approach is packet-based, which directly analyzes the data packet information for the detection of anomalies. This paper describes the main differences between the two approaches through an in-depth analysis. We try to answer the question of when and why one approach is better than the other. The answer is critical for network administrators to make their choices in deploying a defense system, securing the network and ensuring business continuity.



Authors: Huy Nguyen, Deokjai Choi

Source: https://arxiv.org/






