Flow-based Compromise Detection: Lessons Learned

Abstract

Although the aggregated nature of exported flow data provides many advantages in terms of privacy and scalability, flow data may contain artifacts that impair data analysis. In this article, we investigate the differences between flow data analysis in theory and practice-that is, in lab environments and production networks.

Publication
IEEE Security & Privacy, vol. 16, no. 1, pp. 82-89