Attribution and Aggregation of Network Flows for Security Analysis (White Paper)
• White Paper
Publisher
Software Engineering Institute
Topic or Tag
Abstract
This paper describes a network flow analyzer that is capable of attribution and aggregation of different flows into single activity events for the purposes of identifying suspicious and illegitimate behaviors. Flows are correlated with security events using the Process Query System (PQS) infrastructure. We show results from initial experiments and describe plans for extending the effort. The correlation of networks flows with security events appears to have high potential for aggregating disparate network and host activity and for classifying network activity as either benign or suspicious.
Part of a Collection
FloCon 2006 Collection
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.