Title :
DANAK: Finding the odd!
Author :
Wagner, Cynthia ; François, Jérôme ; State, Radu ; Engel, Thomas
Author_Institution :
SnT - Interdiscipl. Centre for Security, Reliability & Trust, Univ. of Luxembourg, Luxembourg, Luxembourg
Abstract :
With the growth of network connectivity and network sizes, the interest in traffic classification respectively attack and anomaly detection in network monitoring and security related activities have become very strong. In this paper, a new tool called DANAK has been developed for the detection of anomalies in Netflow records by referring to spatial and temporal information aggregation in combination with Machine Learning techniques. Spatially aggregated Netflow records are fed in a new designed kernel function in order to analyze Netflow records on context and quantitative information. To strengthen the analysis of large volumes of Netflow records, Phase Space Embedding and Machine Learning are applied. The proposed method has been validated by extensive experimentation on real data sets, including numerous attack strategies of different roots.
Keywords :
computer network security; learning (artificial intelligence); protocols; telecommunication traffic; DANAK; anomaly detection; detecting anomalies in netflow records by spatial aggregation and kernel method; machine learning techniques; network monitoring; network security; phase space embedding; spatial information aggregation; temporal information aggregation; traffic classification; Fires; IP networks; Kernel; Machine learning; Measurement; Monitoring; Security;
Conference_Titel :
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-0458-1
DOI :
10.1109/ICNSS.2011.6059996
