This paper describes various network monitoring technologies and anomaly detection methods. NetFlow was chosen for the anomaly detection system being developed. Anomalies are detected using a deviation value. After the quality of the developed system was evaluated, enhancements were suggested and implemented. Flow data distribution was suggested to achieve a more precise representation of NetFlow data, enabling more precise use of network monitoring information for anomaly detection. Arithmetic average calculations were replaced with the more flexible Exponential Weighted Moving Average algorithm. A deviation weight was introduced to reduce false alarms. Results from an experiment with real-life data showed that the proposed changes increased the precision of the NetFlow-based anomaly detection system.
Identifier | oai:union.ndltd.org:LABT_ETD/oai:elaba.lt:LT-eLABa-0001:E.02~2006~D_20060603_144221-31628 |
Date | 03 June 2006 |
Creators | Krakauskas, Vytautas |
Contributors | Bareiša, Eduardas, Butleris, Rimantas, Rėklaitis, Vytautas, Kazanavičius, Egidijus, Motiejūnas, Kęstutis, Kavaliūnas, Rimantas, Štuikys, Vytautas, Tomkevičius, Arūnas, Šeinauskas, Rimantas, Stulpinas, Raimundas, Kaunas University of Technology |
Publisher | Lithuanian Academic Libraries Network (LABT), Kaunas University of Technology |
Source Sets | Lithuanian ETD submission system |
Language | Lithuanian |
Detected Language | English |
Type | Master thesis |
Format | application/pdf |
Source | http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2006~D_20060603_144221-31628 |
Rights | Unrestricted |