Efficient Learning of Communication Profiles from IP Flow Records

Efficient Learning of Communication Profiles from IP Flow Records

Hammerschmidt, C.A. (University of Luxembourg)
Marchal, Samuel (Aalto University)
State, Radu (University of Luxembourg)
Pellegrino, G. (TU Delft Cyber Security)
Verwer, S.E. (TU Delft Cyber Security)

Kellenberger, Patrick (editor)

2016

The task of network traffic monitoring has evolved drastically with the ever-increasing amount of data flowing in large scale networks. The automated analysis of this tremendous source of information often comes with using simpler models on aggregated data (e.g. IP flow records) due to time and space constraints. A step towards utilizing IP flow records more effectively are stream learning techniques. We propose a method to collect a limited yet relevant amount of data in order to learn a class of complex models, finite state machines, in real-time. These machines are used as communication profiles to fingerprint, identify or classify hosts and services and offer high detection rates while requiring less training data and thus being faster to compute than simple models.

machine learning
ip flow analysis
netflow
communication profiling
botnet detection
intrusion detection

http://resolver.tudelft.nl/uuid:f7985edc-61e0-4ec0-b0c4-66bf4f56fb4a

https://doi.org/10.1109/LCN.2016.92

IEEE, Los Alamitos, CA

978-1-5090-2054-6

Proceedings - 2016 IEEE 41st Conference on Local Computer Networks, LCN 2016

2016 IEEE 41st Conference on Local Computer Networks, LCN 2016, 2016-11-07 → 2016-11-10, Dubai, United Arab Emirates

Accepted author manuscript

Institutional Repository

conference paper

© 2016 C.A. Hammerschmidt, Samuel Marchal, Radu State, G. Pellegrino, S.E. Verwer