Network Anomaly Detection: Flow-based or Packet-based Approach?

Details Network Anomaly Detection: Flow-based or Packet-based Approach? Network Anomaly Detection: Flow-based or Packet-based Approach?

2010-07-08

arxiv.org/abs/1007.1266v1

Computer Science

Networking and Internet Architecture

Published on Chonnam National University Networking Journal, Gwangju, Korea June 2008

Scientific paper

One of the most critical tasks for network administrator is to ensure system uptime and availability. For the network security, anomaly detection systems, along with firewalls and intrusion prevention systems are the must-have tools. So far in the field of network anomaly detection, people are working on two different approaches. One is flow-based; usually rely on network elements to make so-called flow information available for analysis. The second approach is packet-based; which directly analyzes the data packet information for the detection of anomalies. This paper describes the main differences between the two approaches through an in-depth analysis. We try to answer the question of when and why an approach is better than the other. The answer is critical for network administrators to make their choices in deploying a defending system, securing the network and ensuring business continuity.

Affiliated with

Also associated with

No associations

Rating

Network Anomaly Detection: Flow-based or Packet-based Approach? does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with Network Anomaly Detection: Flow-based or Packet-based Approach?, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network Anomaly Detection: Flow-based or Packet-based Approach? will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-102086