TY - GEN
T1 - NetFlow anomaly detection though parallel cluster density analysis in continuous time-series
AU - Flanagan, Kieran
AU - Fallon, Enda
AU - Connolly, Paul
AU - Awad, Abir
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2017.
PY - 2017
Y1 - 2017
N2 - The increase in malicious network-based attacks has resulted in a growing interest in network anomaly detection. The ability to detect unauthorized or malicious activity on a network is of importance to any organization. With the increase in novel attacks, anomaly detection techniques can be more successful in detecting unknown malicious activity in comparison to traditional signature-based methods. However, in a real-world environment, there are many variables that cannot be simulated. This paper proposes an architecture where parallel clustering algorithms work concurrently in order to detect abnormalities that may be lost while traversing over time-series windows. The presented results describe the NetFlow activity of the NPD Group, Inc. over a 24-hour period. The presented results contain real-world anomalies that were detected.
AB - The increase in malicious network-based attacks has resulted in a growing interest in network anomaly detection. The ability to detect unauthorized or malicious activity on a network is of importance to any organization. With the increase in novel attacks, anomaly detection techniques can be more successful in detecting unknown malicious activity in comparison to traditional signature-based methods. However, in a real-world environment, there are many variables that cannot be simulated. This paper proposes an architecture where parallel clustering algorithms work concurrently in order to detect abnormalities that may be lost while traversing over time-series windows. The presented results describe the NetFlow activity of the NPD Group, Inc. over a 24-hour period. The presented results contain real-world anomalies that were detected.
KW - Anomaly detection
KW - Clustering
KW - Density analysis
KW - NetFlow
UR - http://www.scopus.com/inward/record.url?scp=85021744350&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-61382-6_18
DO - 10.1007/978-3-319-61382-6_18
M3 - Conference contribution
AN - SCOPUS:85021744350
SN - 9783319613819
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 221
EP - 232
BT - Wired/Wireless Internet Communications - 15th IFIP WG 6.2 International Conference, WWIC 2017, Proceedings
A2 - Matta, Ibrahim
A2 - Koucheryavy, Yevgeni
A2 - Ometov, Aleksandr
A2 - Mamatas, Lefteris
A2 - Papadimitriou, Panagiotis
PB - Springer-Verlag GmbH and Co. KG
T2 - 15th International Conference on Wired/Wireless Internet Communications, WWIC 2017
Y2 - 21 June 2017 through 23 June 2017
ER -