Skip to Main content Skip to Navigation
Conference papers

NetFlow Anomaly Detection Though Parallel Cluster Density Analysis in Continuous Time-Series

Abstract : The increase in malicious network based attacks has resulted in a growing interest in network anomaly detection. The ability to detect unauthorized or malicious activity on a network is of importance to any organization. With the increase in novel attacks, anomaly detection techniques can be more successful in detecting unknown malicious activity in comparison to traditional signature based methods. However, in a real-world environment, there are many variables that cannot be simulated. This paper proposes an architecture where parallel clustering algorithms work concurrently in order to detect abnormalities that may be lost while traversing over time-series windows. The presented results describe the NetFlow activity of the NPD Group, Inc. over a 24-hour period. The presented results contain real-world anomalies that were detected.
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, January 4, 2018 - 2:29:47 PM
Last modification on : Monday, January 15, 2018 - 12:20:02 PM
Long-term archiving on: : Thursday, May 3, 2018 - 1:53:48 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Kieran Flanagan, Enda Fallon, Paul Connolly, Abir Awad. NetFlow Anomaly Detection Though Parallel Cluster Density Analysis in Continuous Time-Series. 15th International Conference on Wired/Wireless Internet Communication (WWIC), Jun 2017, St. Petersburg, Russia. pp.221-232, ⟨10.1007/978-3-319-61382-6_18⟩. ⟨hal-01675428⟩



Record views


Files downloads