Flow Aggregator Module for Analysing Network Traffic
Conference paper
Abstract
Network flow aggregation is an important task in network analysis: it summarises flows and improves the performance of intrusion detection systems (IDSs). Although there are some well-known flow analysis tools in the industry, such as NetFlow, sFlow and IPFIX, they can only aggregate one attribute at a time, which increases network overhead while running network analysis. In this paper, to address this challenge, we propose a new flow aggregator module which, evaluated on the UNSW-NB15 data set, gives promising results compared with the existing tools.
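To make the distinction in the abstract concrete, the following is an added example (not the paper's module, nor code from NetFlow, sFlow or IPFIX) of a generic flow aggregator that groups flow records by any combination of key attributes at once and summarises each group. The records are constructed for illustration; the field names (`srcip`, `dstip`, `proto`, `sbytes`, `dbytes`, `dur`) follow UNSW-NB15 naming, but the values are made up. The `distinct_fields` option shows what a single-attribute summary keeps or loses, for example the number of distinct destinations or protocols a source talked to, which is the kind of detail an IDS needs.

```python
"""Minimal multi-attribute flow aggregator (added example, not the paper's module)."""
from typing import Dict, Iterable, Sequence, Tuple

# Constructed sample flow records; values are invented for illustration only.
SAMPLE_FLOWS = [
    {"srcip": "10.0.0.1", "dstip": "10.0.0.9", "proto": "tcp", "sbytes": 500, "dbytes": 1200, "dur": 0.5},
    {"srcip": "10.0.0.1", "dstip": "10.0.0.9", "proto": "tcp", "sbytes": 300, "dbytes": 800, "dur": 0.2},
    {"srcip": "10.0.0.1", "dstip": "10.0.0.9", "proto": "udp", "sbytes": 100, "dbytes": 0, "dur": 0.1},
    {"srcip": "10.0.0.2", "dstip": "10.0.0.9", "proto": "tcp", "sbytes": 700, "dbytes": 50, "dur": 1.0},
]


def aggregate_flows(
    flows: Iterable[dict],
    keys: Sequence[str],
    sum_fields: Sequence[str] = ("sbytes", "dbytes", "dur"),
    distinct_fields: Sequence[str] = (),
) -> Dict[Tuple, dict]:
    """Group flow records by the tuple of `keys` (one or many attributes at once).

    Each group records the number of flows, the sum of every field in
    `sum_fields`, and the number of distinct values seen for every field in
    `distinct_fields` (reported as `distinct_<field>`).
    """
    groups: Dict[Tuple, dict] = {}
    for rec in flows:
        key = tuple(rec[k] for k in keys)
        group = groups.get(key)
        if group is None:
            group = {"flows": 0}
            group.update({f: 0 for f in sum_fields})
            group.update({f"distinct_{f}": set() for f in distinct_fields})
            groups[key] = group
        group["flows"] += 1
        for f in sum_fields:
            group[f] += rec[f]
        for f in distinct_fields:
            group[f"distinct_{f}"].add(rec[f])
    # Replace the working sets with plain counts so the summary is serialisable.
    for group in groups.values():
        for f in distinct_fields:
            group[f"distinct_{f}"] = len(group[f"distinct_{f}"])
    return groups


def reduction_ratio(flows: Sequence[dict], summary: Dict[Tuple, dict]) -> float:
    """Fraction of the original record count that survives after aggregation."""
    return len(summary) / len(flows) if flows else 0.0


if __name__ == "__main__":
    # Single-attribute aggregation (what the abstract says existing tools do).
    by_src = aggregate_flows(SAMPLE_FLOWS, ("srcip",), distinct_fields=("dstip", "proto"))
    # Multi-attribute aggregation keyed on source, destination and protocol together.
    by_tuple = aggregate_flows(SAMPLE_FLOWS, ("srcip", "dstip", "proto"))
    for name, summary in (("by srcip", by_src), ("by srcip,dstip,proto", by_tuple)):
        print(f"{name}: {len(summary)} groups, ratio {reduction_ratio(SAMPLE_FLOWS, summary):.2f}")
        for key, group in summary.items():
            print("  ", key, group)
```

Keying on one attribute gives the smallest summary but collapses the per-destination and per-protocol detail into counts; keying on several attributes keeps that structure at the cost of more groups, which is the overhead trade-off the abstract refers to.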
Keywords
Network flow aggregation; Intrusion detection system (IDS); Sampling techniques; Association rule mining (ARM)
Copyright information
© Springer Nature Singapore Pte Ltd. 2018