Author:
Campazas-Vega Adrián,Crespo-Martínez Ignacio Samuel,Guerrero-Higueras Ángel Manuel,Álvarez-Aparicio Claudia,Matellán Vicente,Fernández-Llamas Camino
Abstract
Cyber-attacks are a major problem for users, businesses, and institutions. Classical anomaly detection techniques can detect the malicious traffic generated in a cyber-attack by analyzing individual network packets. However, routers that manage large traffic loads can examine only some of the packets. These devices often use lightweight flow-based protocols to collect network statistics, and analyzing flow data also allows malicious network traffic to be detected. Even gathering flow data has a high computational cost, though, so routers usually apply a sampling rate when generating flows. This sampling reduces the computational load on routers, but much information is lost. This work aims to demonstrate that malicious traffic can be detected even on flow data collected with a sampling rate of 1 out of 1,000 packets. To do so, we evaluate anomaly-detection-based models using synthetic sampled flow data and actual sampled flow data from RedCAYLE, the Castilla y León regional subnet of the Spanish academic and research network. The results presented show that detection of malicious traffic on sampled flow data is possible using novelty-detection-based models with a high accuracy score and a low false alarm rate.
Funder
Instituto Nacional de Ciberseguridad
Ministerio de Ciencia e Innovación
Publisher
Springer Science and Business Media LLC
References: 46 articles.
Cited by: 3 articles.