Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models

Campazas-Vega, Adrián; Crespo-Martínez, Ignacio Samuel; Guerrero‐Higueras, Ángel Manuel; Fernández-Llamas, Camino

doi:10.3390/s20247294

Cited by 13 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Docker-based framework for gathering NetFlow data (DOROTHEA) is a tool that uses Docker as a base 13 . DOROTHEA 26 allows the creation of virtual networks with multiple machines and different structures to gather stream data.…”

Section: Methodsmentioning

confidence: 99%

“…MoEv has been used in many different research areas, such as in 43 , where the tool was used to detect jamming attacks in real-time location systems, and in 44 where the authors predicted academic success in educational institutions. Furthermore, in 13 , MoEV has been validated and used to detect network attacks. To validate the tool, the researchers replicated the work presented in 45 , obtaining similar results.…”

Section: Methodsmentioning

confidence: 99%

“…This paper also intends to demonstrate that detecting multiple network attacks in sampled network flows using anomaly detection-based techniques is possible. Finally, this work shows that the DOROTHEA tool 13 can generate NetFlow datasets with high sampling thresholds that can be used to train anomaly detection algorithms for their use on real traffic.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Malicious traffic detection on sampled network flow data with novelty-detection-based models

Campazas-Vega,

Crespo-Martínez,

Guerrero-Higueras

et al. 2023

Sci Rep

Self Cite

View full text Add to dashboard Cite

Cyber-attacks are a major problem for users, businesses, and institutions. Classical anomaly detection techniques can detect malicious traffic generated in a cyber-attack by analyzing individual network packets. However, routers that manage large traffic loads can only examine some packets. These devices often use lightweight flow-based protocols to collect network statistics. Analyzing flow data also allows for detecting malicious network traffic. But even gathering flow data has a high computational cost, so routers usually apply a sampling rate to generate flows. This sampling reduces the computational load on routers, but much information is lost. This work aims to demonstrate that malicious traffic can be detected even on flow data collected with a sampling rate of 1 out of 1,000 packets. To do so, we evaluate anomaly-detection-based models using synthetic sampled flow data and actual sampled flow data from RedCAYLE, the Castilla y León regional subnet of the Spanish academic and research network. The results presented show that detection of malicious traffic on sampled flow data is possible using novelty-detection-based models with a high accuracy score and a low false alarm rate.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Malicious traffic detection on sampled network flow data with novelty-detection-based models

Campazas-Vega,

Crespo-Martínez,

Guerrero-Higueras

et al. 2023

Sci Rep

Self Cite

View full text Add to dashboard Cite

show abstract

“…Two sets of NetFlow V5 data have been collected through the use of DOROTHEA, a Docker-based framework developed by Campazas-Vega et al (2020) [10]. This framework facilitates the creation of interconnected virtual networks for the purpose of generating and gathering flow data via the NetFlow protocol.…”

Section: Data Gatheringmentioning

confidence: 99%

Enhanced Network Security against SQL Injection Attack Using Machine Learning

Joshi,

Oza

2024

Preprint

View full text Add to dashboard Cite

SQL injection attacks pose a significant risk to the security of computer networks. These attacks have the potential to gain unauthorized access to sensitive data, modify or remove data, or even render entire websites and databases inoperable. Conventional techniques for identifying and stopping SQL injection attacks are frequently resource-intensive, rendering them unfeasible for devices that manage substantial amounts of traffic. The objective of the proposed research is to improve the identification and prevention of structured query language injection attacks (SQLIAs) in web applications, with a specific focus on attaining a high rate of detection while minimizing false alarms. We utilized flow data obtained from several SQL injection attack scenarios that specifically targeted widely-used database engines. We obtained a high level of accuracy in identifying and mitigating these assaults by utilizing machine learning methods, specifically logistic regression. The method we used showed a detection rate over 98% and a false alarm rate below 0.029%. The results demonstrate substantial enhancements in the prevention of unauthorized access and the protection of sensitive information within databases. The results of our research align with or surpass current techniques, offering enhanced security for web applications. The model’s exceptional accuracy and minimal false alarm rate provide a groundbreaking method for detecting SQL injection attacks.

show abstract