Engineering school and research center in telecommunications

WG Requirements for network monitoring from an IDS perspective

Braun, Lothar; Dressler, Falko; Holz, Thorsten; Kirda, Engin; Kohlrausch, Jan; Krügel, Christopher; Limmer, Tobias; Rieck, Konrad; Sterbenz, James P G

Dagstuhlseminar on Network Attack Detection and Defense 2008, March 2-6, 2008, Dagstuhl, Germany

Detection of malicious traffic is based on its input data, the information that is coming from network-based monitoring systems. The best detection rates would only be possible by monitoring all data transferred over all network lines in a distributed network. Monitoring and reporting this amount of data is feasible neither in today's systems nor in future ones. Later analysis, like stateful inspection of the traffic, imposes even more processing costs. But only at this level of monitoring and analysis may there be a chance to capture all attacks inside a system. So there needs to be a trade-off between detection success and processing costs.


Type: Journal
Language: English
Date:
Department: Networks and Security
Eurecom ref: 2516
Bibtex:
@article{EURECOM+2516,
  doi = {http://drops.dagstuhl.de/opus/volltexte/2008/1497},
  year = {2008},
  month = {03},
  title = {{WG} {R}equirements for network monitoring from an {IDS} perspective},
  author = {{B}raun, {L}othar and {D}ressler, {F}alko and {H}olz, {T}horsten and {K}irda, {E}ngin and {K}ohlrausch, {J}an and {K}r{\"u}gel, {C}hristopher and {L}immer, {T}obias and {R}ieck, {K}onrad and {S}terbenz, {J}ames {P} {G}},
  journal = {{D}agstuhlseminar on {N}etwork {A}ttack {D}etection and {D}efense 2008, {M}arch 2-6, 2008, {D}agstuhl, {G}ermany},
  url = {http://www.eurecom.fr/publication/2516}
}