TY - GEN
T1 - MULAN
T2 - 5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009
AU - Tzur-David, Shimrit
AU - Dolev, Danny
AU - Anker, Tal
PY - 2009
Y1 - 2009
N2 - A security engine should detect network traffic attacks at line-speed. When an attack is detected, a good security engine should screen away the offending packets and continue to forward all other traffic. Anomaly detection engines must protect the network from new and unknown threats before the vulnerability is discovered and an attack is launched. Thus, the engine should integrate intelligent "learning" capabilities. The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies. The scope of this research focuses primarily on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detection and prevention of attacks. The main challenges include minimizing the false-positive rate and the memory consumption. In this paper, we present the MULAN-filter. The MULAN (MUlti-Level Adaptive Network) filter is an accurate engine that uses multi-level adaptive structure for specifically detecting suspicious traffic using a relatively small memory size.
AB - A security engine should detect network traffic attacks at line-speed. When an attack is detected, a good security engine should screen away the offending packets and continue to forward all other traffic. Anomaly detection engines must protect the network from new and unknown threats before the vulnerability is discovered and an attack is launched. Thus, the engine should integrate intelligent "learning" capabilities. The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies. The scope of this research focuses primarily on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detection and prevention of attacks. The main challenges include minimizing the false-positive rate and the memory consumption. In this paper, we present the MULAN-filter. The MULAN (MUlti-Level Adaptive Network) filter is an accurate engine that uses multi-level adaptive structure for specifically detecting suspicious traffic using a relatively small memory size.
UR - http://www.scopus.com/inward/record.url?scp=84885891463&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-05284-2_5
DO - 10.1007/978-3-642-05284-2_5
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84885891463
SN - 3642052835
SN - 9783642052835
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 71
EP - 90
BT - Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers
Y2 - 14 September 2009 through 18 September 2009
ER -