Detecting Anomalies in Netflow Record Time Series by Using a Kernel Function

Authors

  • Cynthia Wagner
  • Thomas Engel
Abstract

This paper presents current work for the detection of anomalies in Netflow records by leveraging a kernel function method. Netflow records are spatially aggregated over time, such that the designed kernel function can capture topological and quantitative changes in network traffic time series.


Similar resources

Machine Learning Approach for IP-Flow Record Anomaly Detection

Faced with continuously arising new threats, the detection of anomalies in current operational networks has become essential. Network operators have to deal with huge data volumes for analysis purposes. To counter this main issue, dealing with IP flow (also known as Netflow) records is common in network management. However, even in modern networks, Netflow records represent a high volume of data. In ...


A Small-time Scale Netflow-based Anomaly Traffic Detecting Method Using MapReduce

Anomaly traffic detection using Netflow data is one of the important problems in the field of network security. In this paper, we proposed an approach using the MapReduce model, which was realized by means of the entropy observation and DFN (Distinct feature number) distribution deviations of traffic features under anomalies at small time scales. MapReduce was used to deal with huge amounts of data...


Ensemble Kernel Learning Model for Prediction of Time Series Based on the Support Vector Regression and Meta Heuristic Search

In this paper, a method for predicting time series is presented. Time series prediction is a process which predicts future system values based on information obtained from past and present data points. Time series prediction models are widely used in various fields of engineering, economics, etc. The main purpose of using different models for time series prediction is to make the forecast with...


Stability Visualizations as a Low-complexity Descriptor of Network Host Behaviour

Detecting anomalous or malicious behaviour from NetFlow data alone is a difficult task due mainly to the limited information available in a NetFlow record. In this paper we propose a “stability” metric based on only four elements of the NetFlow record (source address, destination address, port, time), which may be efficiently visualized. We show that despite not having access to packet payloads...


Identification of outliers types in multivariate time series using genetic algorithm

Multivariate time series data are often modeled using the vector autoregressive moving average (VARMA) model. But the presence of outliers can violate the stationary assumption and may lead to wrong modeling, biased estimation of parameters and inaccurate prediction. Thus, detection of these points and how to deal properly with them, especially in relation to modeling and parameter estimation of VARMA m...



Publication date: 2012