Multi-granular aggregation of network flows for security analysis

Tao Ding, Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations

Abstract

Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.

Original languageEnglish (US)
Title of host publication2015 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publicationSecuring the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015
EditorsLina Zhou, G. Alan Wang, Wenji Mao, Lisa Kaati
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages173-175
Number of pages3
ISBN (Electronic)9781479998883
DOIs
StatePublished - Jul 23 2015
Externally publishedYes
Event13th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Baltimore, United States
Duration: May 27 2015May 29 2015

Publication series

Name2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015

Conference

Conference13th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
CountryUnited States
CityBaltimore
Period5/27/155/29/15

Keywords

  • Flow aggregation
  • Intrusion Detection
  • NetFlow
  • traffic classification

ASJC Scopus subject areas

  • Artificial Intelligence
  • Law
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Multi-granular aggregation of network flows for security analysis'. Together they form a unique fingerprint.

Cite this