IFIP International Conference on Autonomous Infrastructure, Management and Security

AIMS 2012: Dependable Networks and Services, pp 122–125

Detecting Anomalies in Netflow Record Time Series by Using a Kernel Function

  • Cynthia Wagner &
  • Thomas Engel

Part of the Lecture Notes in Computer Science book series (LNCCN, volume 7279)

Abstract

This paper presents current work for the detection of anomalies in Netflow records by leveraging a kernel function method. Netflow records are spatially aggregated over time, such that the designed kernel function can capture topological and quantitative changes in network traffic time series.

Keywords

  • Netflow records
  • Aggregation
  • Kernel Function


Author information

Authors and Affiliations

  1. University of Luxembourg - SnT, Campus Kirchberg, L-1359, Luxembourg, Luxembourg

    Cynthia Wagner & Thomas Engel


Editor information

Editors and Affiliations

  1. Faculty of Electrical Engineering, Mathematics, and Computer Science, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands

    Ramin Sadre

  2. Institute of Computer Science, Masaryk University, Botanická 68a, 602 00, Brno, Czech Republic

    Jiří Novotný & Pavel Čeleda

  3. Institut für Informatik (IFI), Universität Zürich, Binzmühlestraße 14, 8050, Zürich, Switzerland

    Martin Waldburger

  4. Institut für Informatik (IFI), Universität Zürich, Binzmühlestrasse 14, 8050, Zürich, Switzerland

    Burkhard Stiller

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Wagner, C., Engel, T. (2012). Detecting Anomalies in Netflow Record Time Series by Using a Kernel Function. In: Sadre, R., Novotný, J., Čeleda, P., Waldburger, M., Stiller, B. (eds) Dependable Networks and Services. AIMS 2012. Lecture Notes in Computer Science, vol 7279. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30633-4_16

  • DOI: https://doi.org/10.1007/978-3-642-30633-4_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30632-7

  • Online ISBN: 978-3-642-30633-4

  • eBook Packages: Computer Science, Computer Science (R0)
