dc.contributor.author | Sweeney, M | |
dc.contributor.author | Irwin, Barry VW | |
dc.date.accessioned | 2017-10-25T12:44:47Z | |
dc.date.available | 2017-10-25T12:44:47Z | |
dc.date.issued | 2017-09 | |
dc.identifier.citation | Sweeney, M. and Irwin, B.V.W. 2017. A netFlow scoring framework for incident detection. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3 - 10 September 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain | en_US |
dc.identifier.uri | http://www.satnac.org.za//proceedings/2017/SATNAC%202017%20Proceedings%20Final.pdf | |
dc.identifier.uri | http://hdl.handle.net/10204/9693 | |
dc.description | Paper presented at Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3 - 10 September 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain | en_US |
dc.description.abstract | As networks have grown, so has the data available for monitoring and security purposes. This increase in volume has raised significant challenges for administrators in terms of how to identify threats in amongst the large volumes of network traffic, a large part of which is often background noise. In this paper we propose a framework for scoring and coding NetFlow data with security related information. The scores and codes are added through the application of a series of independent tests, each of which may flag some form of suspicious behaviour. The cumulative effect of the scoring and coding raises the more serious potential threats to the fore, allowing for quick and effective investigation or action. The framework is presented along with a description of an implementation and some findings that uncover potentially malicious network traffic. | en_US |
dc.language.iso | en | en_US |
dc.relation.ispartofseries | Worklist;19662 | |
dc.subject | Network traffic | en_US |
dc.subject | Network security | en_US |
dc.subject | Netflow scoring framework | en_US |
dc.title | A netFlow scoring framework for incident detection | en_US |
dc.type | Conference Presentation | en_US |
dc.identifier.apacitation | Sweeney, M., & Irwin, B. V. (2017). A netFlow scoring framework for incident detection. http://hdl.handle.net/10204/9693 | en_ZA |
dc.identifier.chicagocitation | Sweeney, M, and Barry VW Irwin. "A netFlow scoring framework for incident detection." (2017): http://hdl.handle.net/10204/9693 | en_ZA |
dc.identifier.vancouvercitation | Sweeney M, Irwin BV, A netFlow scoring framework for incident detection; 2017. http://hdl.handle.net/10204/9693 . | en_ZA |
dc.identifier.ris |
TY - Conference Presentation
AU - Sweeney, M
AU - Irwin, Barry VW
AB - As networks have grown, so has the data available for monitoring and security purposes. This increase in volume has raised significant challenges for administrators in terms of how to identify threats in amongst the large volumes of network traffic, a large part of which is often background noise. In this paper we propose a framework for scoring and coding NetFlow data with security related information. The scores and codes are added through the application of a series of independent tests, each of which may flag some form of suspicious behaviour. The cumulative effect of the scoring and coding raises the more serious potential threats to the fore, allowing for quick and effective investigation or action. The framework is presented along with a description of an implementation and some findings that uncover potentially malicious network traffic.
DA - 2017-09
DB - ResearchSpace
DP - CSIR
KW - Network traffic
KW - Network security
KW - Netflow scoring framework
LK - https://researchspace.csir.co.za
PY - 2017
T1 - A netFlow scoring framework for incident detection
TI - A netFlow scoring framework for incident detection
UR - http://hdl.handle.net/10204/9693
ER -
|
en_ZA |