NetFlow anomaly detection though parallel cluster density analysis in continuous time-series

Kieran Flanagan, Enda Fallon, Paul Connolly, Abir Awad

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

3 Citations (Scopus)

Abstract

The increase in malicious network-based attacks has resulted in a growing interest in network anomaly detection. The ability to detect unauthorized or malicious activity on a network is of importance to any organization. With the increase in novel attacks, anomaly detection techniques can be more successful in detecting unknown malicious activity in comparison to traditional signature-based methods. However, in a real-world environment, there are many variables that cannot be simulated. This paper proposes an architecture where parallel clustering algorithms work concurrently in order to detect abnormalities that may be lost while traversing over time-series windows. The presented results describe the NetFlow activity of the NPD Group, Inc. over a 24-hour period. The presented results contain real-world anomalies that were detected.

Original language: English
Title of host publication: Wired/Wireless Internet Communications - 15th IFIP WG 6.2 International Conference, WWIC 2017, Proceedings
Editors: Ibrahim Matta, Yevgeni Koucheryavy, Aleksandr Ometov, Lefteris Mamatas, Panagiotis Papadimitriou
Publisher: Springer-Verlag GmbH and Co. KG
Pages: 221-232
Number of pages: 12
ISBN (Print): 9783319613819
Publication status: Published - 2017
Event: 15th International Conference on Wired/Wireless Internet Communications, WWIC 2017 - St. Petersburg, Russian Federation
Duration: 21 Jun 2017 to 23 Jun 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10372 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 15th International Conference on Wired/Wireless Internet Communications, WWIC 2017
Country/Territory: Russian Federation
City: St. Petersburg
Period: 21/06/17 to 23/06/17

Keywords

  • Anomaly detection
  • Clustering
  • Density analysis
  • NetFlow
