- Title
- Adaptable exploit detection through scalable netflow analysis
- Creator
- Herbert, Alan
- Creator
- Irwin, Barry V W
- Date Issued
- 2016
- Date
- 2016
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/429274
- Identifier
- vital:72572
- Identifier
- https://ieeexplore.ieee.org/abstract/document/7802938
- Description
- Full packet analysis on firewalls and intrusion detection, although effective, has been found in recent times to be detrimental to the overall performance of networks that receive large volumes of throughput. For this reason, partial packet analysis technologies such as the NetFlow protocol have emerged to better mitigate these bottlenecks through log generation. This paper researches the use of log files generated by NetFlow version 9 and IPFIX to identify successful and unsuccessful exploit attacks commonly used by automated systems. These malicious communications include but are not limited to exploits that attack Microsoft RPC, Samba, NTP (Network Time Protocol) and IRC (Internet Relay Chat). These attacks are recreated through existing exploit implementations on Metasploit and through hand-crafted reconstructions of exploits via known documentation of vulnerabilities. These attacks are then monitored through a preconfigured virtual testbed containing gateways and network connections commonly found on the Internet. This common attack identification system is intended for insertion as a parallel module for Bolvedere in order to further increase the Bolvedere system's attack detection capability.
- Format
- 7 pages
- Format
- Language
- English
- Relation
- Information Security for South Africa (ISSA)
- Relation
- Herbert, A. and Irwin, B., 2016, August. Adaptable exploit detection through scalable netflow analysis. In 2016 Information Security for South Africa (ISSA) (pp. 121-128). IEEE
- Relation
- Information Security for South Africa (ISSA) volume 2016 number 1 121 128 2016 Conference
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)