Machine Learning Approach for IP-Flow Record Anomaly Detection

Abstract: Faced with continuously arising new threats, the detection of anomalies in current operational networks has become essential. Network operators have to deal with huge data volumes for analysis purposes. To counter this main issue, dealing with IP flow (also known as Netflow) records is common in network management. However, even in modern networks, Netflow records still represent a high volume of data. In this paper, we present an approach for evaluating Netflow records by referring to a method of temporal aggregation applied to Machine Learning techniques. We present an approach that leverages support vector machines in order to analyze large volumes of Netflow records. Our approach uses a special kernel function that takes into account both the contextual and the quantitative information of Netflow records. We assess the viability of our method by practical experimentation on data volumes provided by a major internet service provider in Luxembourg.
Document type: Conference paper
Jordi Domingo-Pascual; Pietro Manzoni; Sergio Palazzo; Ana Pont; Caterina Scoglio. 10th IFIP Networking Conference (NETWORKING), May 2011, Valencia, Spain. Springer, Lecture Notes in Computer Science, LNCS-6640 (Part I), pp.28-39, 2011, NETWORKING 2011. 〈10.1007/978-3-642-20757-0_3〉

Cited literature: 25 references

https://hal.inria.fr/inria-00613602
Contributor: Jérôme François
Submitted on: Friday, 5 August 2011 - 10:43:51
Last modified on: Friday, 8 September 2017 - 09:12:59
Document(s) archived on: Monday, 12 November 2012 - 15:11:01

File

MachineLearningNetflowAnomalie...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Cynthia Wagner, Jérôme François, Radu State, Thomas Engel. Machine Learning Approach for IP-Flow Record Anomaly Detection. Jordi Domingo-Pascual; Pietro Manzoni; Sergio Palazzo; Ana Pont; Caterina Scoglio. 10th IFIP Networking Conference (NETWORKING), May 2011, Valencia, Spain. Springer, Lecture Notes in Computer Science, LNCS-6640 (Part I), pp.28-39, 2011, NETWORKING 2011. 〈10.1007/978-3-642-20757-0_3〉. 〈inria-00613602〉

Metrics

Record views: 285

File downloads: 2444