What is QLT-IDS?
A quantitative logarithmic transformation-based intrusion detection system (QLT-IDS) uses a straightforward statistical approach to analyze network behavior.
QLT-IDS can process massive NetFlow logs on the fly and can achieve 95.7% detection precision. We also deployed QLT-IDS on real campuses, where it prevented many intrusions. Experiments further show that QLT-IDS can detect malicious intrusions even under a high (e.g., 1:1) NetFlow sampling percentage.
The present study proposes a lightweight intrusion detection system based on a quantitative logarithmic transform (QLT) method for identifying intrusion behavior in large-scale networks in near real time.
An attack discerner module based on two critical values is then used to identify each flow as either benign or malicious. Since QLT-IDS performs intrusion detection directly on the statistical features of the network flows, it requires neither predefined rules nor a prior training process, and the detection time is less than a minute. QLT-IDS can support 1:N NetFlow sampling, where N can be up to 512. Moreover, QLT-IDS uses just two parameters, namely a malicious critical value M and a benign critical value L, where 0 ≤ M < L.

IEEE has approved the technology of our product.
A Quantitative Logarithmic Transformation-based Intrusion Detection System

We have disclosed an algorithm used in our product and written it up as a paper. It has been accepted by IEEE Access and was published recently. That means the IEEE has approved the technology of our product. You can view or download the article at the URL below:
https://ieeexplore.ieee.org/document/10050849

There are several ways to launch a cyber-attack.
1. Via a large number of sessions: When the network suffers this kind of attack, hardware resources are consumed. The high resource usage degrades the performance of the network device and may eventually cause it to crash. As a result, the network is paralyzed. In this situation, hackers do not need many IP addresses to paralyze the network.
2. Via heavy network traffic: The amount of data that can be transmitted over a network at a given time is limited by the available bandwidth, so hackers can send massive traffic to paralyze the network. When there is not enough bandwidth to handle the existing amount of traffic, normal traffic is affected. In this situation, hackers need many IP addresses to carry out this kind of attack.
3. All of the above.

How do hackers steal sensitive files?
1. Outsider attack: Hackers use the external network to intrude into the internal network. Common hacking methods include port scanning, Remote Desktop Protocol (RDP), SSH, etc.
2. Insider attack: After a successful intrusion, hackers will try to intrude into the server farm. The most common method is using RDP.
We know this from the QLT-IDS system's experience against hackers. Therefore, QLT-IDS is a more effective system for preventing cyber-attacks and intrusions than a common IDS.
P.S.: We have released a video on YouTube. It analyzes how hackers infiltrated Citrix Corporation to steal confidential data.
Congratulations! Our product technology has been recognized and published by IEEE Access:
A Quantitative Logarithmic Transformation-based Intrusion Detection System

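The technology behind our product has been written up as a paper, which has been accepted and published by IEEE Access. The article can be viewed or downloaded in a browser.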
https://ieeexplore.ieee.org/document/10050849
Copyright © 2002 by CureLAN Corp. All rights reserved.