DocumentCode :
725739
Title :
Multi-granular aggregation of network flows for security analysis
Author :
Tao Ding ; AlEroud, Ahmed ; Karabatis, George
Author_Institution :
Dept. of Inf. Syst., Univ. of Maryland, Baltimore County, Baltimore, MD, USA
fYear :
2015
fDate :
27-29 May 2015
Firstpage :
173
Lastpage :
175
Abstract :
Investigating network flows is an approach to detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depend on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.
Keywords :
computer network security; learning (artificial intelligence); pattern classification; statistical analysis; cyber-attack; machine-learning classifier; multigranular aggregation; network flow statistics; payload-based IDS; security analysis; security event; Correlation; Grippers; Hidden Markov models; IP networks; Intrusion detection; Predictive models; Flow aggregation; Intrusion Detection; NetFlow; traffic classification;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4799-9888-3
Type :
conf
DOI :
10.1109/ISI.2015.7165965
Filename :
7165965