Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers

Research Article

NetFlow Based Network Protection

  • @INPROCEEDINGS{10.1007/978-3-642-31909-9_35,
        author={Vojtech Krmicek and Jan Vykopal},
        title={NetFlow Based Network Protection},
        proceedings={Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2012},
        month={10},
        keywords={active network defense NetFlow flow monitoring HAMOC},
        doi={10.1007/978-3-642-31909-9_35}
    }
    
  • Vojtech Krmicek
    Jan Vykopal
    Year: 2012
    NetFlow Based Network Protection
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-31909-9_35
Vojtech Krmicek1,*, Jan Vykopal1,*
  • 1: Masaryk University
*Contact email: vojtec@ics.muni.cz, vykopal@ics.muni.cz

Abstract

Protecting the network perimeter against adversaries from both inside and outside is a crucial task for today's network administrators. Inspecting all network traffic by traditional deep packet inspection is a very resource-intensive task in high-speed networks, and scalable solutions are needed. In our work, we describe a network protection system based on NetFlow data. It uses a hardware-accelerated monitoring center (HAMOC) for inspecting network traffic, generating NetFlow data, and also for active filtration/blocking of malicious traffic. An active network protection use case against brute-force dictionary attacks is presented, and other network protection use cases are also discussed. The main contributions of this work are: (i) a scalable solution suitable for current high-speed networks (10 Gbps and more), (ii) the use of the hardware-accelerated HAMOC platform performing both monitoring and traffic filtering, (iii) a light-weight alternative using software tools instead of the hardware platform, suitable for the protection of networks with a lower amount of traffic.