Flow-Based Front Payload Aggregation

The authors present and discuss a new monitoring technique they call Front Payload Aggregation (FPA). Rather than being limited to either analyzing single packets for signature-based attack detection or exploiting statistical flow information for anomaly detection, FPA combines the advantages of both approaches. Exploiting the observation that most attack signatures appear in the very first packets of a connection, the authors collect payload from these few packets (the first n payload bytes of the flow) and associate it with the corresponding flow record, so that signature matching can run over the aggregated front payload alongside the flow's statistical features.
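The following is an added illustration of the aggregation step described above, written for this summary; it is not the authors' implementation. It keeps one record per unidirectional 5-tuple flow, accumulates packet and byte counters as a flow exporter would, and appends packet payload to the record only until the first n bytes have been captured. A signature scan then runs over that front payload rather than over every packet. The packets, the flow keys, the value n = 16 and the traversal signature are all constructed for the example; the code also assumes in-order delivery and does no TCP reassembly, which a real probe would need to handle.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Unidirectional flow key: (src_ip, src_port, dst_ip, dst_port, proto).
FlowKey = Tuple[str, int, str, int, str]


@dataclass
class FlowRecord:
    """Flow statistics plus the aggregated front payload."""
    packets: int = 0
    bytes: int = 0
    front_payload: bytes = b""   # first n payload bytes, spanning packets


class FrontPayloadAggregator:
    """Collects the first n payload bytes of every flow next to its counters."""

    def __init__(self, n: int = 16) -> None:
        self.n = n
        self.flows: Dict[FlowKey, FlowRecord] = {}

    def add_packet(self, key: FlowKey, payload: bytes) -> FlowRecord:
        rec = self.flows.setdefault(key, FlowRecord())
        rec.packets += 1
        rec.bytes += len(payload)
        # Only the first n bytes of the flow are kept; later packets
        # update the counters but contribute no payload.
        missing = self.n - len(rec.front_payload)
        if missing > 0 and payload:
            rec.front_payload += payload[:missing]
        return rec


def match_signatures(flows: Dict[FlowKey, FlowRecord],
                     signatures: Dict[str, bytes]) -> List[Tuple[FlowKey, str]]:
    """Run byte-string signatures over the front payload of each flow."""
    hits = []
    for key, rec in flows.items():
        for name, sig in signatures.items():
            if sig in rec.front_payload:
                hits.append((key, name))
    return hits


# Constructed sample traffic (assumption, not captured data): one flow carrying a
# path-traversal request split across two segments, one benign request.
ATTACK_FLOW: FlowKey = ("10.0.0.5", 40001, "192.0.2.10", 80, "tcp")
BENIGN_FLOW: FlowKey = ("10.0.0.6", 40002, "192.0.2.10", 80, "tcp")
PACKETS = [
    (ATTACK_FLOW, b"GET /../"),
    (BENIGN_FLOW, b"GET /index.html HTTP/1.0\r\n"),
    (ATTACK_FLOW, b"../etc/passwd HTTP/1.0\r\n"),
    (ATTACK_FLOW, b"Host: x\r\n"),          # beyond n bytes: counters only
]
SIGNATURES = {"traversal": b"../../"}      # constructed example signature


def build_demo(n: int = 16):
    """Aggregate the sample packets and return (aggregator, signature hits)."""
    agg = FrontPayloadAggregator(n)
    for key, payload in PACKETS:
        agg.add_packet(key, payload)
    return agg, match_signatures(agg.flows, SIGNATURES)


if __name__ == "__main__":
    agg, hits = build_demo()
    for key, rec in agg.flows.items():
        print(key, rec.packets, rec.bytes, rec.front_payload)
    print("hits:", hits)
```

The flow key above is unidirectional, so request and response payload land in separate records; a probe that wants the client's first bytes and the server's first bytes together would key on the bidirectional connection and keep one front-payload buffer per direction.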