On Early Detection of Anomalous Network Flows

There are numerous methods of identifying network-based attacks using machine learning, but processing complexity often constrains it to analyses previously captured traffic retroactively identify attacks. This paper investigates learning for early detection in progress with minimal preprocessing. We transform raw network data directly into formats suitable several and deep models including Random Forest two-dimensional Convolutional Neural Networks. Many these demonstrate high accuracy detecting a mixture mostly DoS- botnet-related types five open-source datasets containing packet captures from testbed-generated traffic. compare our results post-mortem trace analysis prior works which also analyze datasets. the features, limitations, complexity, those works. When trained tested on same datasets, most performed very well (>95% accuracy) being best. investigated training time required testing throughput, RF consistently outperformed other models.