Security

Flow-Based Front Payload Aggregation

Download Now Free registration required

Executive Summary

The authors present and discuss a new monitoring technique that the authors call Front Payload Aggregation (FPA). Instead of being limited to either analyzing single packets for signature based attack detection or exploiting statistical flow information for anomaly detection, FPA combines the advantages of both approaches. Exploiting the fact that most attack signatures can be found in the very first packets of a connection, the authors collect payload information from these few packets (the authors take the first n payload Bytes) and associate it to the corresponding flow data.

  • Format: PDF
  • Size: 607.4 KB