Multi-granular aggregation of network flows for security analysis

Tao Ding; Ahmed Aleroud; George Karabatis

doi:10.1109/ISI.2015.7165965

Multi-granular aggregation of network flows for security analysis

Tao Ding, Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Scopus citations

Abstract

Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.

Original language	English (US)
Title of host publication	2015 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publication	Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015
Editors	Lina Zhou, G. Alan Wang, Wenji Mao, Lisa Kaati
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	173-175
Number of pages	3
ISBN (Electronic)	9781479998883
DOIs	https://doi.org/10.1109/ISI.2015.7165965
State	Published - Jul 23 2015
Externally published	Yes
Event	13th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Baltimore, United States Duration: May 27 2015 → May 29 2015

Publication series

Name	2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015

Conference

Conference	13th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
Country/Territory	United States
City	Baltimore
Period	5/27/15 → 5/29/15

Keywords

Flow aggregation
Intrusion Detection
NetFlow
traffic classification

ASJC Scopus subject areas

Artificial Intelligence
Law
Computer Networks and Communications
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ISI.2015.7165965

Cite this

Ding, T., Aleroud, A., & Karabatis, G. (2015). Multi-granular aggregation of network flows for security analysis. In L. Zhou, G. A. Wang, W. Mao, & L. Kaati (Eds.), 2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015 (pp. 173-175). Article 7165965 (2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2015.7165965

Multi-granular aggregation of network flows for security analysis. / Ding, Tao; Aleroud, Ahmed; Karabatis, George.
2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015. ed. / Lina Zhou; G. Alan Wang; Wenji Mao; Lisa Kaati. Institute of Electrical and Electronics Engineers Inc., 2015. p. 173-175 7165965 (2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ding, T, Aleroud, A & Karabatis, G 2015, Multi-granular aggregation of network flows for security analysis. in L Zhou, GA Wang, W Mao & L Kaati (eds), 2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015., 7165965, 2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015, Institute of Electrical and Electronics Engineers Inc., pp. 173-175, 13th IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Baltimore, United States, 5/27/15. https://doi.org/10.1109/ISI.2015.7165965

Ding T, Aleroud A, Karabatis G. Multi-granular aggregation of network flows for security analysis. In Zhou L, Wang GA, Mao W, Kaati L, editors, 2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 173-175. 7165965. (2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015). doi: 10.1109/ISI.2015.7165965

Ding, Tao ; Aleroud, Ahmed ; Karabatis, George. / Multi-granular aggregation of network flows for security analysis. 2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015. editor / Lina Zhou ; G. Alan Wang ; Wenji Mao ; Lisa Kaati. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 173-175 (2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015).

@inproceedings{fdb0c912d6254e9082ff581c30a563c1,

title = "Multi-granular aggregation of network flows for security analysis",

abstract = "Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.",

keywords = "Flow aggregation, Intrusion Detection, NetFlow, traffic classification",

author = "Tao Ding and Ahmed Aleroud and George Karabatis",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 13th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 ; Conference date: 27-05-2015 Through 29-05-2015",

year = "2015",

month = jul,

day = "23",

doi = "10.1109/ISI.2015.7165965",

language = "English (US)",

series = "2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "173--175",

editor = "Lina Zhou and Wang, {G. Alan} and Wenji Mao and Lisa Kaati",

booktitle = "2015 IEEE International Conference on Intelligence and Security Informatics",

}

TY - GEN

T1 - Multi-granular aggregation of network flows for security analysis

AU - Ding, Tao

AU - Aleroud, Ahmed

AU - Karabatis, George

PY - 2015/7/23

Y1 - 2015/7/23

N2 - Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.

AB - Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.

KW - Flow aggregation

KW - Intrusion Detection

KW - NetFlow

KW - traffic classification

UR - http://www.scopus.com/inward/record.url?scp=84963768930&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84963768930&partnerID=8YFLogxK

U2 - 10.1109/ISI.2015.7165965

DO - 10.1109/ISI.2015.7165965

M3 - Conference contribution

AN - SCOPUS:84963768930

T3 - 2015 IEEE International Conference on Intelligence and Security Informatics: Securing the World through an Alignment of Technology, Intelligence, Humans and Organizations, ISI 2015

SP - 173

EP - 175

BT - 2015 IEEE International Conference on Intelligence and Security Informatics

A2 - Zhou, Lina

A2 - Wang, G. Alan

A2 - Mao, Wenji

A2 - Kaati, Lisa

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 13th IEEE International Conference on Intelligence and Security Informatics, ISI 2015

Y2 - 27 May 2015 through 29 May 2015

ER -

Multi-granular aggregation of network flows for security analysis

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this