Machine Learning Approach for IP-Flow Record Anomaly Detection - NETWORKING 2011 - Part I
Conference Papers, Year: 2011

Machine Learning Approach for IP-Flow Record Anomaly Detection

Abstract

Faced with continuously arising new threats, the detection of anomalies in current operational networks has become essential. Network operators have to deal with huge data volumes for analysis purposes. To counter this main issue, dealing with IP flow (also known as Netflow) records is common in network management. However, even in modern networks, Netflow records still represent a high volume of data. In this paper, we present an approach for evaluating Netflow records by referring to a method of temporal aggregation applied to Machine Learning techniques. We present an approach that leverages support vector machines in order to analyze large volumes of Netflow records. Our approach uses a special kernel function that takes into account both the contextual and the quantitative information of Netflow records. We assess the viability of our method by practical experimentation on data volumes provided by a major internet service provider in Luxembourg.
Origin: Files produced by the author(s)

Dates and versions

inria-00613602, version 1 (05-08-2011)

Cite

Cynthia Wagner, Jérôme François, Radu State, Thomas Engel. Machine Learning Approach for IP-Flow Record Anomaly Detection. 10th IFIP Networking Conference (NETWORKING), May 2011, Valencia, Spain. pp.28-39, ⟨10.1007/978-3-642-20757-0_3⟩. ⟨inria-00613602⟩