MalFIX: Using IPFIX for Scaling Threat Detection to High Data Rates

Citable link (URI): http://hdl.handle.net/10900/163779
http://nbn-resolving.org/urn:nbn:de:bsz:21-dspace-1637796
http://dx.doi.org/10.15496/publikation-105109
Document type: Scientific article
Publication date: 2025-04-03
Language: English
Faculty: 7 Faculty of Science (Mathematisch-Naturwissenschaftliche Fakultät)
Department: Computer Science
DDC classification: 004 - Computer science

Abstract:

Threat intelligence feeds provide up-to-date information about threat indicators, i.e., IP addresses, hostnames, etc. This information can be used to identify potentially malicious actors by scanning network traffic. In this paper, we present a high-performance architecture for threat detection that leverages openly available threat intelligence feeds. For that purpose, the open-source tool Maltrail has been modified to make it horizontally scalable and to handle IPFIX flow data. Maltrail was adapted to process IPFIX as input and to generate IPFIX-compatible output that includes information about detected threats. These threats are then ingested into Apache Kafka, enabling further analysis and integration with other tools. Benchmark results highlight the scalability of this approach, with a peak processing speed of 300,000 flows per second on 32 CPU cores.
