NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph

Yang, Chao-Tung; Liu, Jung-Chun; Kristiani, Endah; Liu, Ming-Lun; You, Ilsun; Pau, Giovanni

doi:10.1109/access.2019.2963716

Cited by 19 publications

(9 citation statements)

References 19 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors in [10] refine that approach by defining the width according to the standard deviation of the noise of the time series-the difference between real and predicted values. Interestingly, the prediction is carried out through a trained Long Short-Term Memory (LSTM) neural network, similar to other works such as [11], [12]. We share their view of how the current trends of transferring machine-learning mechanisms to network problems are a good direction and, then, we embrace the approach of predicting traffic through neural networks.…”

Section: Introductionmentioning

confidence: 92%

Towards the Automatic and Schedule-Aware Alerting of Internetwork Time Series

et al. 2021

View full text Add to dashboard Cite

A common factor of every network monitoring system is an alerting module for time series. This module aims at triggering a warning when any type of abnormal behavior is detected in the patterns of a time series. Such a search for anomalies can be carried out by network managers as a supervised task such that the thresholds for considering a measurement as an anomaly are set following a manual process. Alternatively, we focus on how to translate such a task to an unsupervised one, thus alleviating network managers' dedication. To this end, we have developed, based on the experience of monitoring dozens of networks, a player of real anomalies. Thus, by recreating real issues, the alerting systems' parametrization can be carried out without supervision. Additionally, as a novelty, we propose to consider the network managers' workforce as a significant parameter to configure the thresholds of the alerting moduleessentially, avoiding triggering alarms that will hardly receive attention. Then, we propose to measure and rank alarms by relevance, and relate them to the time to be solved for constructing, eventually, automatic schedules for the members of the staff-according to their time availability. Finally, all these proposals have been put into practice in various deployments of monitoring systems on networks in operation, which gives us evidence of its usefulness and low demand for resources.

show abstract

Section: Introductionmentioning

confidence: 92%

Towards the Automatic and Schedule-Aware Alerting of Internetwork Time Series

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The current research shows that the network flow data can be effectively analyzed using various machine-learning techniques such as unsupervised clustering [8], Random-Forests (RF) [22], or deep learning [19]. The authors of [5] present a range of deep neural network topologies and test the influence of hyperpaprameter setups on the accuracy of the solution.…”

Section: Related Workmentioning

confidence: 99%

“…In opposite to that, in [19], the authors have adapted recurrent neural networks (RNN) with long short-term memory (LSTM) units on top of the NetFlow data. In addition to that they also used a flexible distributed architecture to handle the curation of large amount of data.…”

Section: Related Workmentioning

confidence: 99%

A new method of hybrid time window embedding with transformer-based traffic data classification in IoT-networked environment

Kozik

Pawlicki

Choraś

2021

Pattern Anal Applic

View full text Add to dashboard Cite

The Internet of Things (IoT) appliances often expose sensitive data, either directly or indirectly. They may, for instance, tell whether you are at home right now or what your long or short-term habits are. Therefore, it is crucial to protect such devices against adversaries and has in place an early warning system which indicates compromised devices in a quick and efficient manner. In this paper, we propose time window embedding solutions that efficiently process a massive amount of data and have a low-memory-footprint at the same time. On top of the proposed embedding vectors, we use the core anomaly detection unit. It is a classifier that is based on the transformer’s encoder component followed by a feed-forward neural network. We have compared the proposed method with other classical machine-learning algorithms. Therefore, in the paper, we formally evaluate various machine-learning schemes and discuss their effectiveness in the IoT-related context. Our proposal is supported by detailed experiments that have been conducted on the recently published Aposemat IoT-23 dataset.

show abstract

“…Some studies have focused on anomaly and abnormal traffic. Yang et al [82] built a model that found hidden abnormal traffic in the network to detect attacks using DL techniques. The dataset used was NetFlow campus information, which is a collection of data gathered by campus routers.…”

Section: Malicious Traffic Classificationmentioning

confidence: 99%

Intelligent Techniques for Detecting Network Attacks: Review and Research Directions

Aljabri

Aljameel

Mohammad

et al. 2021

Sensors

View full text Add to dashboard Cite

The significant growth in the use of the Internet and the rapid development of network technologies are associated with an increased risk of network attacks. Network attacks refer to all types of unauthorized access to a network including any attempts to damage and disrupt the network, often leading to serious consequences. Network attack detection is an active area of research in the community of cybersecurity. In the literature, there are various descriptions of network attack detection systems involving various intelligent-based techniques including machine learning (ML) and deep learning (DL) models. However, although such techniques have proved useful within specific domains, no technique has proved useful in mitigating all kinds of network attacks. This is because some intelligent-based approaches lack essential capabilities that render them reliable systems that are able to confront different types of network attacks. This was the main motivation behind this research, which evaluates contemporary intelligent-based research directions to address the gap that still exists in the field. The main components of any intelligent-based system are the training datasets, the algorithms, and the evaluation metrics; these were the main benchmark criteria used to assess the intelligent-based systems included in this research article. This research provides a rich source of references for scholars seeking to determine their scope of research in this field. Furthermore, although the paper does present a set of suggestions about future inductive directions, it leaves the reader free to derive additional insights about how to develop intelligent-based systems to counter current and future network attacks.

show abstract

NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph

Cited by 19 publications

References 19 publications

Towards the Automatic and Schedule-Aware Alerting of Internetwork Time Series

Towards the Automatic and Schedule-Aware Alerting of Internetwork Time Series

A new method of hybrid time window embedding with transformer-based traffic data classification in IoT-networked environment

Intelligent Techniques for Detecting Network Attacks: Review and Research Directions

Contact Info

Product

Resources

About