CoreFlow: Enriching Bro security events using network traffic monitoring data

@article{Koning2018CoreFlowEB,
  title={CoreFlow: Enriching Bro security events using network traffic monitoring data},
  author={R. Koning and Nick Buraglio and C. D. Laat and P. Grosso},
  journal={Future Gener. Comput. Syst.},
  year={2018},
  volume={79},
  pages={235-242}
}
  • R. Koning, Nick Buraglio, C. D. Laat and P. Grosso
  • Published 2018
  • Computer Science
  • Future Gener. Comput. Syst.
  • Attacks against network infrastructures can be detected by Intrusion Detection Systems (IDS). Still, the reaction to these events is often limited by the lack of the larger context in which they occurred. In this paper we present CoreFlow, a framework for the correlation and enrichment of IDS data with network flow information. CoreFlow ingests data from the Bro IDS and augments it with flow data from the devices in the network. By doing this the network providers are able to…
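
The enrichment step the abstract describes, joining each Bro event with the flow records that network devices exported for the same connection, as an added example that is not CoreFlow's own code. The notice.log excerpt is a constructed subset of the real Bro columns, the NetFlow-style records and exporter names (edge-rtr-1, core-sw-1, dc-sw-3) are made up, and the 30-second correlation window is an assumption; the join itself is on a direction-independent 5-tuple plus time overlap, which is the generic form of the correlation the paper builds on.

```python
"""Enrich Bro/Zeek notice events with network flow records.

Added example (not CoreFlow's own code): for each IDS notice, find the flow
records that exporters in the network saw for the same 5-tuple in a time
window around the event, and attach the resulting path to the notice.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed Bro notice.log excerpt, reduced to a subset of the real columns.
NOTICE_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tnote\tmsg
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tenum\tstring
1520000100.250000\tCHhAvVGS1DHFjwGM9\t198.51.100.23\t51234\t192.0.2.10\t22\ttcp\tSSH::Password_Guessing\t198.51.100.23 appears to be guessing SSH passwords
1520000400.000000\tC4J4Th3PJpwUYZZ6gc\t203.0.113.5\t40000\t192.0.2.80\t80\ttcp\tScan::Port_Scan\t203.0.113.5 scanned 15 ports
#close\t2018-03-02-15-00-00
"""

# Constructed NetFlow-style records: (exporter, ingress interface, src, sport,
# dst, dport, proto, flow start, flow end, bytes). Exporter names are hypothetical.
FLOW_RECORDS = [
    ("edge-rtr-1", "Gi0/1",  "198.51.100.23", 51234, "192.0.2.10", 22, "tcp", 1520000098.0, 1520000105.0, 4200),
    ("core-sw-1",  "Eth1/7", "198.51.100.23", 51234, "192.0.2.10", 22, "tcp", 1520000098.1, 1520000105.1, 4200),
    # Same connection seen in the reverse direction by a third device.
    ("dc-sw-3",    "Eth2/2", "192.0.2.10",    22,    "198.51.100.23", 51234, "tcp", 1520000098.2, 1520000105.2, 3900),
    ("edge-rtr-1", "Gi0/1",  "203.0.113.5",   40000, "192.0.2.80", 80, "tcp", 1520000399.5, 1520000400.5, 120),
    # Same 5-tuple, but far outside the correlation window: must not be joined.
    ("edge-rtr-1", "Gi0/1",  "203.0.113.5",   40000, "192.0.2.80", 80, "tcp", 1520003000.0, 1520003001.0, 120),
]

FlowKey = Tuple[str, Tuple[str, int], Tuple[str, int]]


def flow_key(proto: str, a: str, ap: int, b: str, bp: int) -> FlowKey:
    """Direction-independent 5-tuple key so both halves of a connection match."""
    ends = sorted([(a, ap), (b, bp)])
    return (proto.lower(), ends[0], ends[1])


def parse_notice_log(text: str) -> List[Dict[str, str]]:
    """Parse a tab-separated Bro log using its own #fields header line."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line:
            continue  # #separator, #types, #close and blank lines
        else:
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def index_flows(flows) -> Dict[FlowKey, List[Dict]]:
    """Bucket flow records by canonical 5-tuple for the join."""
    by_key: Dict[FlowKey, List[Dict]] = defaultdict(list)
    for exporter, ifname, src, sport, dst, dport, proto, first, last, nbytes in flows:
        by_key[flow_key(proto, src, sport, dst, dport)].append(
            {"exporter": exporter, "ifname": ifname, "first": first, "last": last, "bytes": nbytes}
        )
    return by_key


def enrich(notices, flow_index, window: float = 30.0) -> List[Dict]:
    """Attach to each notice the exporters that observed its flow within +/- window seconds."""
    out = []
    for n in notices:
        ts = float(n["ts"])
        key = flow_key(n["proto"], n["id.orig_h"], int(n["id.orig_p"]), n["id.resp_h"], int(n["id.resp_p"]))
        seen = [f for f in flow_index.get(key, [])
                if f["first"] <= ts + window and f["last"] >= ts - window]
        seen.sort(key=lambda f: f["first"])  # first-seen order approximates the path
        out.append({
            "uid": n["uid"],
            "note": n["note"],
            "path": [f["exporter"] for f in seen],
            "interfaces": [(f["exporter"], f["ifname"]) for f in seen],
            "bytes": sum(f["bytes"] for f in seen),
        })
    return out


def run() -> List[Dict]:
    return enrich(parse_notice_log(NOTICE_LOG), index_flows(FLOW_RECORDS))


if __name__ == "__main__":
    for e in run():
        path = " -> ".join(e["path"]) or "no matching flow"
        print(f'{e["uid"]} {e["note"]}: path={path} bytes={e["bytes"]}')
```

The time-window check is what keeps a recurring 5-tuple (the second 203.0.113.5 flow above) from being attributed to an older notice; in a real deployment the window has to cover exporter clock skew and flow-cache export delay, which is why it is a parameter rather than an exact match on the notice timestamp.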

