DocumentCode
2027835
Title
DANAK: Finding the odd!
Author
Wagner, Cynthia ; François, Jérôme ; State, Radu ; Engel, Thomas
Author_Institution
SnT - Interdiscipl. Centre for Security, Reliability & Trust, Univ. of Luxembourg, Luxembourg, Luxembourg
fYear
2011
fDate
6-8 Sept. 2011
Firstpage
161
Lastpage
168
Abstract
With the growth of network connectivity and network sizes, interest in traffic classification, and in attack and anomaly detection, for network monitoring and security-related activities has become very strong. In this paper, a new tool called DANAK has been developed for the detection of anomalies in Netflow records, using spatial and temporal information aggregation in combination with machine learning techniques. Spatially aggregated Netflow records are fed into a newly designed kernel function in order to analyze Netflow records with respect to both context and quantitative information. To strengthen the analysis of large volumes of Netflow records, phase space embedding and machine learning are applied. The proposed method has been validated by extensive experimentation on real data sets, including numerous attack strategies of different origins.
Keywords
computer network security; learning (artificial intelligence); protocols; telecommunication traffic; DANAK; anomaly detection; detecting anomalies in netflow records by spatial aggregation and kernel method; machine learning techniques; network monitoring; network security; phase space embedding; spatial information aggregation; temporal information aggregation; traffic classification; Fires; IP networks; Kernel; Machine learning; Measurement; Monitoring; Security;
fLanguage
English
Publisher
ieee
Conference_Titel
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location
Milan
Print_ISBN
978-1-4577-0458-1
Type
conf
DOI
10.1109/ICNSS.2011.6059996
Filename
6059996