NetFlow Anomaly Detection Dataset Creation for Traffic Analysis
2024 IEEE 65th International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS 2024): Proceedings
2024
Evita Roponena,
Inese Poļaka,
Jānis Grabis
Information and communication technologies (ICT) and their security are essential for large enterprises and higher education institutions to maintain business integrity. These technologies create a large amount of data that should be analysed simultaneously to detect threats in the ICT system to protect the data. NetFlow is a network protocol that can be used to monitor network traffic, collect IP addresses, and detect anomalies in NetFlow. This study provides a method for creating a dataset of real-life NetFlow for anomaly detection using machine learning. The dataset was validated by implementing anomaly detection with the K-means clustering algorithm and time-series forecasting using the long short-term memory method. The study provides a feature dataset for both machine learning methods and an overview of the anomaly detection methods used in this research.
Keywords
anomaly detection, clustering, feature engineering, machine learning, NetFlow, time-series
DOI
10.1109/ITMS64072.2024.10741602
Hyperlink
https://ieeexplore.ieee.org/document/10741602
Roponena, E., Poļaka, I., Grabis, J. NetFlow Anomaly Detection Dataset Creation for Traffic Analysis. In: 2024 IEEE 65th International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS 2024): Proceedings, Latvia, Rīga, 3-4 October, 2024. Piscataway: IEEE, 2024, pp. 1-6. ISBN 979-8-3315-3384-7. e-ISBN 979-8-3315-3383-0. ISSN 2771-6953. e-ISSN 2771-6937. Available from: doi:10.1109/ITMS64072.2024.10741602
Publication language
English (en)