Security and Privacy in Communication Networks. 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers

Research Article

MULAN: Multi-Level Adaptive Network Filter

@INPROCEEDINGS{10.1007/978-3-642-05284-2_5,
        author={Shimrit Tzur-David and Danny Dolev and Tal Anker},
        title={MULAN: Multi-Level Adaptive Network Filter},
        proceedings={Security and Privacy in Communication Networks. 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={},
        doi={10.1007/978-3-642-05284-2_5}
    }
    
Shimrit Tzur-David, Danny Dolev, Tal Anker. MULAN: Multi-Level Adaptive Network Filter. SECURECOMM. Springer. Year: 2012. DOI: 10.1007/978-3-642-05284-2_5
Shimrit Tzur-David¹*, Danny Dolev¹*, Tal Anker¹*
  • 1: The Hebrew University
*Contact email: shimritd@cs.huji.ac.il, dolev@cs.huji.ac.il, anker@cs.huji.ac.il

Abstract

A security engine should detect network traffic attacks at line speed. When an attack is detected, a good security engine should screen out the offending packets and continue to forward all other traffic. Anomaly detection engines must protect the network from new and unknown threats before the vulnerability is discovered and an attack is launched. Thus, the engine should integrate intelligent “learning” capabilities. The principal way to achieve this goal is to model anticipated network traffic behavior and to use this model to identify anomalies.