ResearchSpace

A netFlow scoring framework for incident detection


dc.contributor.author Sweeney, M
dc.contributor.author Irwin, Barry VW
dc.date.accessioned 2017-10-25T12:44:47Z
dc.date.available 2017-10-25T12:44:47Z
dc.date.issued 2017-09
dc.identifier.citation Sweeney, M. and Irwin, B.V.W. 2017. A netFlow scoring framework for incident detection. Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3 - 10 September 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain en_US
dc.identifier.uri http://www.satnac.org.za//proceedings/2017/SATNAC%202017%20Proceedings%20Final.pdf
dc.identifier.uri http://hdl.handle.net/10204/9693
dc.description Paper presented at Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2017, 3 - 10 September 2017, Freedom of the Seas, Royal Caribbean International, Barcelona, Spain en_US
dc.description.abstract As networks have grown, so has the data available for monitoring and security purposes. This increase in volume has raised significant challenges for administrators in terms of how to identify threats in amongst the large volumes of network traffic, a large part of which is often background noise. In this paper we propose a framework for scoring and coding NetFlow data with security related information. The scores and codes are added through the application of a series of independent tests, each of which may flag some form of suspicious behaviour. The cumulative effect of the scoring and coding raises the more serious potential threats to the fore, allowing for quick and effective investigation or action. The framework is presented along with a description of an implementation and some findings that uncover potentially malicious network traffic. en_US
dc.language.iso en en_US
dc.relation.ispartofseries Worklist;19662
dc.subject Network traffic en_US
dc.subject Network security en_US
dc.subject Netflow scoring framework en_US
dc.title A netFlow scoring framework for incident detection en_US
dc.type Conference Presentation en_US
dc.identifier.apacitation Sweeney, M., & Irwin, B. V. (2017). A netFlow scoring framework for incident detection. http://hdl.handle.net/10204/9693 en_ZA
dc.identifier.chicagocitation Sweeney, M, and Barry VW Irwin. "A netFlow scoring framework for incident detection." (2017): http://hdl.handle.net/10204/9693 en_ZA
dc.identifier.vancouvercitation Sweeney M, Irwin BV, A netFlow scoring framework for incident detection; 2017. http://hdl.handle.net/10204/9693 . en_ZA
dc.identifier.ris
TY - Conference Presentation
AU - Sweeney, M
AU - Irwin, Barry VW
AB - As networks have grown, so has the data available for monitoring and security purposes. This increase in volume has raised significant challenges for administrators in terms of how to identify threats in amongst the large volumes of network traffic, a large part of which is often background noise. In this paper we propose a framework for scoring and coding NetFlow data with security related information. The scores and codes are added through the application of a series of independent tests, each of which may flag some form of suspicious behaviour. The cumulative effect of the scoring and coding raises the more serious potential threats to the fore, allowing for quick and effective investigation or action. The framework is presented along with a description of an implementation and some findings that uncover potentially malicious network traffic.
DA - 2017-09
DB - ResearchSpace
DP - CSIR
KW - Network traffic
KW - Network security
KW - Netflow scoring framework
LK - https://researchspace.csir.co.za
PY - 2017
T1 - A netFlow scoring framework for incident detection
TI - A netFlow scoring framework for incident detection
UR - http://hdl.handle.net/10204/9693
ER - en_ZA

