Attacks Detection on Sampled Netflow Traffic Through Image Analysis with Convolutional Neural Networks (CNN)

• Autores: Alberto Fernández de Retana, Alberto Miranda García, Ángel Manuel Guerrero, Camino Fernández Llamas
• Localización: 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational (CISIS 2021 and ICEUTE 2021) / coord. por Juan José Gude, José Gaviria de la Puerta, Pablo García Bringas , Héctor Quintián Pardo , Emilio Santiago Corchado Rodríguez , 2021, ISBN 978-3-030-87871-9, págs. 33-40
• Idioma: inglés
• Texto completo no disponible (Saber más ...)
• Resumen

  • The interest in attacks detection has increased significantly in recent years together with the internet traffic and connections. Due to the big amount of packages, it is not feasible to analyze the payload of every packet that goes through the network. In order to have a statistical solution, the NetFlow protocol was designed. The payload of the packets is not included in the information stored by this protocol, making the detection of malicious attacks more challenging. Furthermore, to alleviate the performance penalty generated by the NetFlow on the routers, the Sampled NetFlow was developed. Sampled NetFlow allows the system administrators to define the interval in which these flows are going to be gathered. In the literature, there are several approaches that make use of traditional Machine Learning methods like KNN or SVM. To the best of our knowledge, there is currently no study attempting to probe Convolutional Neural Network on Sampled NetFlow. In this paper, we present the results obtained using Convolutional Neural Network on flows of Sampled NetFlow v5 to fill this gap. Our approach was able to obtain 94.15% of accuracy on sampling rate of 500. Additionally the limitations of this technique are going to be discussed if the interval of the Sampled Netflow is greather than 500.