Skip to Main content Skip to Navigation
Conference papers

NetFlow Anomaly Detection Though Parallel Cluster Density Analysis in Continuous Time-Series

Abstract : The increase in malicious network based attacks has resulted in a growing interest in network anomaly detection. The ability to detect unauthorized or malicious activity on a network is of importance to any organization. With the increase in novel attacks, anomaly detection techniques can be more successful in detecting unknown malicious activity in comparison to traditional signature based methods. However, in a real-world environment, there are many variables that cannot be simulated. This paper proposes an architecture where parallel clustering algorithms work concurrently in order to detect abnormalities that may be lost while traversing over time-series windows. The presented results describe the NetFlow activity of the NPD Group, Inc. over a 24-hour period. The presented results contain real-world anomalies that were detected.
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download

https://hal.inria.fr/hal-01675428
Contributor : Hal Ifip <>
Submitted on : Thursday, January 4, 2018 - 2:29:47 PM
Last modification on : Monday, January 15, 2018 - 12:20:02 PM
Long-term archiving on: : Thursday, May 3, 2018 - 1:53:48 PM

File

453598_1_En_18_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Kieran Flanagan, Enda Fallon, Paul Connolly, Abir Awad. NetFlow Anomaly Detection Though Parallel Cluster Density Analysis in Continuous Time-Series. 15th International Conference on Wired/Wireless Internet Communication (WWIC), Jun 2017, St. Petersburg, Russia. pp.221-232, ⟨10.1007/978-3-319-61382-6_18⟩. ⟨hal-01675428⟩

Share

Metrics

Record views

235

Files downloads

151