%0 Conference Proceedings
%T Making Flow-Based Security Detection Parallel
%+ Czech Technical University in Prague (CTU)
%+ CESNET [Prague]
%A Švepeš, Marek
%A Čejka, Tomáš
%Z Part 1: Security Management
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 11th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS)
%C Zurich, Switzerland
%Y Daphne Tuncer
%Y Robert Koch
%Y Rémi Badonnel
%Y Burkhard Stiller
%I Springer International Publishing
%3 Security of Networks and Services in an All-Connected World
%V LNCS-10356
%P 3-15
%8 2017-07-10
%D 2017
%R 10.1007/978-3-319-60774-0_1
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X Flow based monitoring is currently a standard approach suitable for large networks of ISP size. The main advantage of flow processing is a smaller amount of data due to aggregation. There are many reasons (such as huge volume of transferred data, attacks represented by many flow records) to develop scalable systems that can process flow data in parallel. This paper deals with splitting a stream of flow data in order to perform parallel anomaly detection on distributed computational nodes. Flow data distribution is focused not only on uniformity but mainly on successful detection. The results of an experimental analysis show that the proposed approach does not break important semantic relations between individual flow records and therefore it preserves detection results. All experiments were performed using real data traces from Czech National Education and Research Network.
%G English
%Z TC 6
%Z WG 6.6
%2 https://inria.hal.science/hal-01806062/document
%2 https://inria.hal.science/hal-01806062/file/452969_1_En_1_Chapter.pdf
%L hal-01806062
%U https://inria.hal.science/hal-01806062
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-AIMS
%~ IFIP-WG6-6
%~ IFIP-LNCS-10356