Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond
Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond
A Tutorial on Support Vector Machines for Pattern Recognition
Data Mining and Knowledge Discovery
NetFlow: information loss or win?
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Support Vector Machines: Theory and Applications (Studies in Fuzziness and Soft Computing)
Support Vector Machines: Theory and Applications (Studies in Fuzziness and Soft Computing)
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Estimating the Support of a High-Dimensional Distribution
Neural Computation
Towards highly reliable enterprise network services via inference of multi-level dependencies
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
A new intrusion detection system using support vector machines and hierarchical clustering
The VLDB Journal — The International Journal on Very Large Data Bases
FLAME: a flow-level anomaly modeling engine
CSET'08 Proceedings of the conference on Cyber security experimentation and test
Quantifying the Extent of IPv6 Deployment
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Portscan Detection with Sampled NetFlow
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
A Labeled Data Set for Flow-Based Intrusion Detection
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
An SVM-based machine learning method for accurate internet traffic classification
Information Systems Frontiers
PeekKernelFlows: peeking into IP flows
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Optimizing weighted kernel function for support vector machine by genetic algorithm
MICAI'06 Proceedings of the 5th Mexican international conference on Artificial Intelligence
Detecting anomalies in netflow record time series by using a kernel function
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
NetStage/DPR: A self-reconfiguring platform for active and passive network security operations
Microprocessors & Microsystems
Review: A survey of network flow applications
Journal of Network and Computer Applications
Hi-index | 0.00 |
Faced to continuous arising new threats, the detection of anomalies in current operational networks has become essential. Network operators have to deal with huge data volumes for analysis purpose. To counter this main issue, dealing with IP flow (also known as Netflow) records is common in network management. However, still in modern networks, Netflow records represent high volume of data. In this paper, we present an approach for evaluating Netflow records by referring to a method of temporal aggregation applied to Machine Learning techniques. We present an approach that leverages support vector machines in order to analyze large volumes of Netflow records. Our approach is using a special kernel function, that takes into account both the contextual and the quantitative information of Netflow records. We assess the viability of our method by practical experimentation on data volumes provided by a major internet service provider in Luxembourg.