NTFA: Network Flow Aggregator

Kayvan Karim; Hani Ragab Hassen; Hadj Batatia

doi:10.1007/978-3-031-40598-3_3

NTFA: Network Flow Aggregator

Kayvan Karim^*, Hani Ragab Hassen, Hadj Batatia

^*Corresponding author for this work

School of Mathematical & Computer Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Network intrusion detection systems (NIDS) play a vital role in defending against cybersecurity threats. One effective way of detecting attacks is to analyse their footprint on the network traffic logs. Flow-based logging is a standard method for logging network traffic. Given the high volume of traffic, it is unpractical to manually analyse it. This is where machine learning can play a great role by automatically analysing traffic logs and identifying attacks. One way to process the flow data is to aggregate the information and extract insight from the aggregated network traffic. This paper presents an open-source aggregator NTFA (Network Flow Aggregator). This customisable network flow aggregator can aggregate flow-based, from the standard NetFlow format, data based on the time as well as other criteria, while offering the operator the option of using different time windows. To evaluate the suitability of the output aggreates for the intrusion detection task, we use this tool to aggregate the CIDDS-001 dataset and train a classifier using a decision tree algorithm. The model can classify aggregated network traffic data with an accuracy of 99.8%. Our experiment demonstrates that the aggregated data can be used in various machine-learning research projects or industries related to intrusion detection scenarios.

Original language	English
Title of host publication	Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023
Editors	Hind Zantout, Hani Ragab Hassen
Publisher	Springer
Pages	21-28
Number of pages	8
ISBN (Electronic)	9783031405983
ISBN (Print)	9783031405976
DOIs	https://doi.org/10.1007/978-3-031-40598-3_3
Publication status	Published - 8 Sept 2023
Event	2nd International Conference on Applied Cyber Security 2023 - Dubai, United Arab Emirates Duration: 29 Apr 2023 → 29 Apr 2023

Publication series

Name	Lecture Notes in Networks and Systems
Volume	760
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Conference

Conference	2nd International Conference on Applied Cyber Security 2023
Abbreviated title	ACS 2023
Country/Territory	United Arab Emirates
City	Dubai
Period	29/04/23 → 29/04/23

Keywords

CIDDS
Netflow
Network Intrusion Detection

ASJC Scopus subject areas

Control and Systems Engineering
Signal Processing
Computer Networks and Communications

Access to Document

10.1007/978-3-031-40598-3_3

Cite this

@inproceedings{6ab68f6a971c49448478888e47260761,

title = "NTFA: Network Flow Aggregator",

abstract = "Network intrusion detection systems (NIDS) play a vital role in defending against cybersecurity threats. One effective way of detecting attacks is to analyse their footprint on the network traffic logs. Flow-based logging is a standard method for logging network traffic. Given the high volume of traffic, it is unpractical to manually analyse it. This is where machine learning can play a great role by automatically analysing traffic logs and identifying attacks. One way to process the flow data is to aggregate the information and extract insight from the aggregated network traffic. This paper presents an open-source aggregator NTFA (Network Flow Aggregator). This customisable network flow aggregator can aggregate flow-based, from the standard NetFlow format, data based on the time as well as other criteria, while offering the operator the option of using different time windows. To evaluate the suitability of the output aggreates for the intrusion detection task, we use this tool to aggregate the CIDDS-001 dataset and train a classifier using a decision tree algorithm. The model can classify aggregated network traffic data with an accuracy of 99.8%. Our experiment demonstrates that the aggregated data can be used in various machine-learning research projects or industries related to intrusion detection scenarios.",

keywords = "CIDDS, Netflow, Network Intrusion Detection",

author = "Kayvan Karim and {Ragab Hassen}, Hani and Hadj Batatia",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 2nd International Conference on Applied Cyber Security 2023, ACS 2023 ; Conference date: 29-04-2023 Through 29-04-2023",

year = "2023",

month = sep,

day = "8",

doi = "10.1007/978-3-031-40598-3_3",

language = "English",

isbn = "9783031405976",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer",

pages = "21--28",

editor = "Hind Zantout and {Ragab Hassen}, Hani",

booktitle = "Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023",

}

Karim, K , Ragab Hassen, H & Batatia, H 2023, NTFA: Network Flow Aggregator. in H Zantout & H Ragab Hassen (eds), Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023. Lecture Notes in Networks and Systems, vol. 760, Springer, pp. 21-28, 2nd International Conference on Applied Cyber Security 2023, Dubai, United Arab Emirates, 29/04/23. https://doi.org/10.1007/978-3-031-40598-3_3

TY - GEN

T1 - NTFA

T2 - 2nd International Conference on Applied Cyber Security 2023

AU - Karim, Kayvan

AU - Ragab Hassen, Hani

AU - Batatia, Hadj

PY - 2023/9/8

Y1 - 2023/9/8

N2 - Network intrusion detection systems (NIDS) play a vital role in defending against cybersecurity threats. One effective way of detecting attacks is to analyse their footprint on the network traffic logs. Flow-based logging is a standard method for logging network traffic. Given the high volume of traffic, it is unpractical to manually analyse it. This is where machine learning can play a great role by automatically analysing traffic logs and identifying attacks. One way to process the flow data is to aggregate the information and extract insight from the aggregated network traffic. This paper presents an open-source aggregator NTFA (Network Flow Aggregator). This customisable network flow aggregator can aggregate flow-based, from the standard NetFlow format, data based on the time as well as other criteria, while offering the operator the option of using different time windows. To evaluate the suitability of the output aggreates for the intrusion detection task, we use this tool to aggregate the CIDDS-001 dataset and train a classifier using a decision tree algorithm. The model can classify aggregated network traffic data with an accuracy of 99.8%. Our experiment demonstrates that the aggregated data can be used in various machine-learning research projects or industries related to intrusion detection scenarios.

AB - Network intrusion detection systems (NIDS) play a vital role in defending against cybersecurity threats. One effective way of detecting attacks is to analyse their footprint on the network traffic logs. Flow-based logging is a standard method for logging network traffic. Given the high volume of traffic, it is unpractical to manually analyse it. This is where machine learning can play a great role by automatically analysing traffic logs and identifying attacks. One way to process the flow data is to aggregate the information and extract insight from the aggregated network traffic. This paper presents an open-source aggregator NTFA (Network Flow Aggregator). This customisable network flow aggregator can aggregate flow-based, from the standard NetFlow format, data based on the time as well as other criteria, while offering the operator the option of using different time windows. To evaluate the suitability of the output aggreates for the intrusion detection task, we use this tool to aggregate the CIDDS-001 dataset and train a classifier using a decision tree algorithm. The model can classify aggregated network traffic data with an accuracy of 99.8%. Our experiment demonstrates that the aggregated data can be used in various machine-learning research projects or industries related to intrusion detection scenarios.

KW - CIDDS

KW - Netflow

KW - Network Intrusion Detection

UR - http://www.scopus.com/inward/record.url?scp=85172120137&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-40598-3_3

DO - 10.1007/978-3-031-40598-3_3

M3 - Conference contribution

AN - SCOPUS:85172120137

SN - 9783031405976

T3 - Lecture Notes in Networks and Systems

SP - 21

EP - 28

BT - Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023

A2 - Zantout, Hind

A2 - Ragab Hassen, Hani

PB - Springer

Y2 - 29 April 2023 through 29 April 2023

ER -

NTFA: Network Flow Aggregator

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this