Sparse Autoencoders for Unsupervised Netflow Data Classification

  • Rafał KozikEmail author
  • Marek Pawlicki
  • Michał Choraś
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 892)


The ongoing growth in the complexity of malicious software has rendered the long-established solutions for cyber attack detection inadequate. Specifically, at any time novel malware emerges, the conventional security systems prove inept until the signatures are brought up to date. Moreover, the bulk of machine-learning based solutions rely on supervised training, which generally leads to an added burden for the admin to label the network traffic and to re-train the system periodically. Consequently, the major contribution of this paper is an outline of an unsupervised machine learning approach to cybersecurity, in particular, a proposal to use sparse autoencoders to detect the malicious behaviour of hosts in the network. We put forward a means of botnet detection through the analysis of data in the form of Netflows for a use case.


  1. 1.
    The Malware Capture Facility Project.
  2. 2.
    Grill, M., Nikolaev, I., Valeros, V., Rehak, M.: Detecting DGA malware using NetFlow. In: IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, pp. 1304–1309 (2015).
  3. 3.
    Abt, S., Baier, H.: Towards efficient and privacy-preserving network-based botnet detection using NetFlow data. In: Proceedings of the Ninth International Network Conference (INC 2012) (2012)Google Scholar
  4. 4.
    Tran, Q.A., Jiang, F., Hu, J.: A real-time NetFlow-based intrusion detection system with improved BBNN and high-frequency field programmable gate arrays. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, Liverpool, pp. 201–208 (2012).
  5. 5.
    Flanagan, K., Fallon, E., Awad, A., Connolly, P.: Self-configuring NetFlow anomaly detection using cluster density analysis. In: 19th International Conference on Advanced Communication Technology (ICACT), Bongpyeong, pp. 421–427.
  6. 6.
    Yuan, X.: PhD forum: deep learning-based real-time malware detection with multi-stage analysis. In: IEEE International Conference on Smart Computing (SMARTCOMP), Hong Kong, pp. 1–2 (2017).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.UTP University of Science and Technology in BydgoszczBydgoszczPoland

Personalised recommendations