Title :
NetFlow Based Intrusion Detection System
Author :
Zhenqi, Wang ; Xinyu, Wang
Author_Institution :
Inf. & Network Manage. Center, North China Electr. Power Univ., Baoding, China
Abstract :
As an open global network, the Internet now faces more and more attacks and increasingly complex attack methods, which has made network security a focal point of attention. A single firewall strategy cannot satisfy the needs of network security, and the intrusion detection systems in use at present have a very high false alarm rate. However, an intrusion detection system based on NetFlow can solve these problems. NetFlow provides IP flow information in the network. Network administrators can use NetFlow flow records for a variety of purposes, including network management, network planning, network security and so on. In the field of network security, the IP flow information provided by NetFlow is used to analyze anomalous traffic. NetFlow based anomaly traffic analysis is an appropriate supplement to current signature-based NIDS. In this paper, we propose a NetFlow based intrusion detection system, which can detect several types of network attack from inside or outside based on the NetFlow data exported from the router or other network probes. This system can also take measures to prevent these types of network attack.
Keywords :
IP networks; Internet; computer network management; telecommunication network planning; telecommunication security; IP flow information; Internet; NetFlow based intrusion detection system; anomaly traffic analysis; firewall strategy; network attack; network management; network planning; network security problem; signature-based NIDS; Computer security; Conference management; Energy management; Information analysis; Information management; Information security; Intrusion detection; Power system management; Technology management; Telecommunication traffic; IP flow; NIDS; NetFlow; abnormal detection; network security;
Conference_Title :
MultiMedia and Information Technology, 2008. MMIT '08. International Conference on
Conference_Location :
Three Gorges
Print_ISBN :
978-0-7695-3556-2
DOI :
10.1109/MMIT.2008.213