Mario Golling scite author profile

Traditional Intrusion Detection approaches rely on the inspection of individual packets, often referred to as Deep Packet Inspection (DPI), where individual packets are scanned for suspicious patterns. However, the rapid increase of link speeds and throughputsespecially in larger networks such as backbone networks -seriously constrains this approach. First, devices capable of detecting intrusions on high-speed links of 10 Gbps and higher are rather expensive, or must be built based on complex arrays. Second, legislation commonly restricts the way in which backbone network operators can analyse the data in their networks. To overcome these constraints, fl ow-based intrusion detection can be applied, which traditionally focuses only on packet header fi elds and packet characteristics. Flow export technologies are nowadays embedded in most high-end packet forwarding devices and are widely used for network management, which makes this approach economically attractive.In the context of large, high-speed networks, such as backbone networks, we make two observations with respect to fl ow-based and packet-based intrusion detection. First, although fl ow-based intrusion detection offers several advantages in terms of processing requirements, the aggregation of packets into fl ows obviously entails a loss of information. Second, the quantity of information is not constrained when packet-based intrusion detection is performed, but its application is often unfeasible, due to stringent processing requirements. To bridge this gap, we propose a multi-layered approach that combines the advantages of both types of intrusion detection. Our approach is centred around the idea that 1) a fi rst layer of detection comprises fl ow-based intrusion detection, that makes a pre-selection of suspicious traffi c, and 2

show abstract

Security Management Areas in the Inter-cloud

Kretzschmar

Golling

Hanigk

2011

View full text Add to dashboard Cite

Within the context of Cloud Computing, one of the most important security challenges is to manage and assure a secure usage over multi-provider Inter-Cloud environments with dedicated communication infrastructures, security mechanisms, processes and policies. The aim of Security controls in Cloud computing is, for the most part, no different than security controls in any IT environment from a functional security management perspective. The adaption and reuse of existing traditional security management areas that have to be enhanced for specific Cloud computing requirements (e.g., dynamic reconfiguration, distributed services, etc.), is proposed. Based on the collection of various Inter-Cloud use cases and scenarios within the private and public sector like DMTF (Distributed Management Task Force), NIST (National Institute of Standards and Technology), GICTF (Global InterCloud Technology Forum) and ENISA (European Network and Information Security Agency) we analyzed and summarized the range of requirements for security management. As these requirements are not yet fulfilled by current security management approaches, we derived a set of security management areas that describe all identified functional aspects. This set will serve as a foundation of our future development towards a security management architecture for the Inter-Cloud.

show abstract

Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis

Koch

Golling

Stiemert

et al. 2016

IEEE Systems Journal

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mario Golling

How to exchange security events? Overview and evaluation of formats and protocols

Behavior-based intrusion detection in encrypted environments

Towards multi-layered intrusion detection in high-speed networks

Security Management Areas in the Inter-cloud

Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis

Contact Info

Product

Resources

About