| dc.contributor.author |
Paradzik, Gabriel |
|
| dc.contributor.author |
Steinert, Benjamin |
|
| dc.contributor.author |
Steegmüller, Janik |
|
| dc.contributor.author |
Menth, Michael |
|
| dc.date.accessioned |
2025-04-03T05:17:12Z |
|
| dc.date.available |
2025-04-03T05:17:12Z |
|
| dc.date.issued |
2025-04-03 |
|
| dc.identifier.uri |
http://hdl.handle.net/10900/163779 |
|
| dc.identifier.uri |
http://nbn-resolving.org/urn:nbn:de:bsz:21-dspace-1637796 |
de_DE |
| dc.identifier.uri |
http://dx.doi.org/10.15496/publikation-105109 |
|
| dc.description.abstract |
Threat intelligence feeds provide up-to-date information
about threat indicators, i.e., IP addresses, hostnames, etc.
This information can be used to identify potentially malicious
actors by scanning network traffic. In this paper, we present a
high-performance architecture for threat detection that leverages
openly available threat intelligence feeds. For that purpose,
the open-source tool Maltrail has been modified to make it
horizontally scalable and to handle IPFIX flow data. Maltrail
was adapted to process IPFIX as input and generate IPFIXcompatible
output that includes information about detected
threats. These threats are then ingested into Apache Kafka,
enabling further analysis and integration with other tools. Benchmark
results highlight the scalability of this approach, with a
peak processing speed of 300,000 flows per second on 32 CPU
cores. |
en |
| dc.language.iso |
en |
de_DE |
| dc.publisher |
Universität Tübingen |
de_DE |
| dc.subject.ddc |
004 |
de_DE |
| dc.title |
MalFIX: Using IPFIX for Scaling Threat Detection to High Data Rates |
en |
| dc.type |
Article |
de_DE |
| utue.publikation.fachbereich |
Informatik |
de_DE |
| utue.publikation.fakultaet |
7 Mathematisch-Naturwissenschaftliche Fakultät |
de_DE |
| utue.publikation.noppn |
yes |
de_DE |
