2022
DOI: 10.48550/arxiv.2207.03890
Preprint

Encoding NetFlows for State-Machine Learning

Abstract: NetFlow data is a well-known network log format used by many network analysts and researchers. The advantages of using this format compared to pcap are that it contains fewer data, is less privacy intrusive, and is easier to collect and process. However, having less data does mean that this format might not be able to capture important network behaviour as all information is summarised into statistics. Much research aims to overcome this disadvantage through the use of machine learning, for instance, to detect…

Cited by 2 publications
(3 citation statements)
References 19 publications
“…Source port is problematic because it typically gets arbitrarily assigned by the operating system, and as such should not be indicative of malicious behaviour. However, the CTU-13 dataset uses only a small subset of VM-related port numbers [29], which inadvertently becomes indicative of malicious behaviour. This is a common shortcoming of lab-collected datasets [16].…”
Section: Tutorial: Debugging a Malicious Network Traffic Detector Via...
Citation type: mentioning
confidence: 99%
“…Compared to pcap format, NetFlow data contains less data, making it easier to collect and process. Additionally, NetFlow is less intrusive to privacy, further enhancing its appeal as a preferred network log format (Cao et al, 2022). Rather than focusing on individual packets, flow monitoring analyzes the flow of traffic, making it a more scalable approach to traffic analysis.…”
Section: Netflow
Citation type: mentioning
confidence: 99%
“…Every flow in NetFlow contains network statistics representing a connection between two hosts. These statistics can be utilized to compute performance metrics and to identify any unusual or abnormal network behavior (Cao et al, 2022).…”
Section: Netflow
Citation type: mentioning
confidence: 99%