Predictability of NetFlow data
File(s)
EVANGELOU.pdf (220.08 KB)
Accepted version
Author(s)
Evangelou, M
Adams, N
Type
Conference Paper
Abstract
The behaviour of individual devices connected to an enterprise network can vary dramatically, as a device’s activity depends on the user operating the device as well as on all behind-the-scenes operations between the device and the network. Being able to understand and predict a device’s behaviour in a network can serve as the foundation of an anomaly detection framework, as devices may show abnormal activity as part of a cyber attack. The aim of this work is the construction of a predictive regression model for a device’s behaviour in its normal state. The behaviour of a device is represented by a quantitative response and modelled to depend on historic data recorded by NetFlow.
Date Issued
2016-11-17
Date Acceptance
2016-07-21
Citation
IEEE International Conference on Intelligence and Security Informatics, 2016
Publisher
IEEE
Journal / Book Title
IEEE International Conference on Intelligence and Security Informatics
Copyright Statement
© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Source
IEEE International Conference on Intelligence and Security Informatics
Subjects
Science & Technology
Technology
Computer Science, Theory & Methods
Engineering, Electrical & Electronic
Computer Science
Engineering
Regression trees
Principal component analysis
Publication Status
Published
Start Date
2016-09-28
Finish Date
2016-09-30
Coverage Spatial
Tucson, Arizona, USA