NTFA: Network Flow Aggregator

Kayvan Karim*, Hani Ragab Hassen, Hadj Batatia

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Network intrusion detection systems (NIDS) play a vital role in defending against cybersecurity threats. One effective way of detecting attacks is to analyse their footprint in network traffic logs. Flow-based logging is a standard method for logging network traffic. Given the high volume of traffic, it is impractical to analyse it manually. This is where machine learning can play a major role, by automatically analysing traffic logs and identifying attacks. One way to process flow data is to aggregate it and extract insight from the aggregated network traffic. This paper presents NTFA (Network Flow Aggregator), an open-source, customisable aggregator that aggregates flow-based data in the standard NetFlow format by time as well as by other criteria, while letting the operator choose among different time windows. To evaluate the suitability of the output aggregates for the intrusion detection task, we use this tool to aggregate the CIDDS-001 dataset and train a classifier using a decision tree algorithm. The model classifies the aggregated network traffic data with an accuracy of 99.8%. Our experiment demonstrates that the aggregated data can be used in various machine-learning research projects or industry settings related to intrusion detection scenarios.
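The abstract describes turning raw flow records into time-window aggregates that a classifier is then trained on. The script below is an added illustration of that transformation and is not NTFA's own code: it groups constructed sample rows laid out in the CIDDS-001 column format by a fixed time window and by a configurable key (source address by default, or any other column set), derives per-group features such as distinct destination ports and the share of SYN-only flows, and labels each aggregate from the flows it contains. The sample rows are constructed for the example; the handling of suffixed byte counts such as "2.1 M" (treated here as decimal mega, an assumption) reflects how large values appear in CIDDS-001 exports.

```python
"""Time-window aggregation of flow records in the CIDDS-001 column layout.

Added example, not NTFA's own code: shows the kind of flows -> per-window feature
rows transformation that the abstract describes, on constructed sample data.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows in the CIDDS-001 column layout (not real dataset rows).
# The "2.1 M" byte count mirrors the suffixed values found in CIDDS-001 exports.
SAMPLE = """\
Date first seen,Duration,Proto,Src IP Addr,Src Pt,Dst IP Addr,Dst Pt,Packets,Bytes,Flows,Flags,Tos,class
2017-03-15 10:00:01.000,0.512,TCP,192.168.100.5,49152,192.168.200.8,80,12,4321,1,.AP.SF,0,normal
2017-03-15 10:00:09.250,0.020,TCP,192.168.100.5,49153,192.168.200.8,443,9,2.1 M,1,.AP.SF,0,normal
2017-03-15 10:00:30.100,0.001,TCP,192.168.220.16,40001,192.168.100.5,22,1,60,1,....S.,0,attacker
2017-03-15 10:00:30.102,0.001,TCP,192.168.220.16,40002,192.168.100.5,23,1,60,1,....S.,0,attacker
2017-03-15 10:00:30.105,0.001,TCP,192.168.220.16,40003,192.168.100.5,80,1,60,1,....S.,0,attacker
2017-03-15 10:00:30.109,0.001,TCP,192.168.220.16,40004,192.168.100.5,443,1,60,1,....S.,0,attacker
2017-03-15 10:01:05.000,3.200,UDP,192.168.100.7,5353,224.0.0.251,5353,4,720,1,......,0,normal
"""

_EPOCH = datetime(1970, 1, 1)


def parse_bytes(text: str) -> int:
    """CIDDS-001 writes large counts as e.g. '2.1 M'; assumed decimal mega/kilo here."""
    text = text.strip()
    if text.endswith("M"):
        return round(float(text[:-1]) * 1_000_000)
    if text.endswith("K"):
        return round(float(text[:-1]) * 1_000)
    return int(text)


def window_start(ts: datetime, window: timedelta) -> datetime:
    """Floor a timestamp to the start of its fixed-size window."""
    return _EPOCH + ((ts - _EPOCH) // window) * window


def aggregate(csv_text: str, window: timedelta = timedelta(seconds=60),
              key_fields: tuple = ("Src IP Addr",)) -> list:
    """Group flows by (window start, key_fields) and derive per-group features."""
    groups = defaultdict(lambda: {
        "flows": 0, "packets": 0, "bytes": 0, "syn_only": 0,
        "dst_ports": set(), "dst_ips": set(), "classes": set(),
    })
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["Date first seen"], "%Y-%m-%d %H:%M:%S.%f")
        key = (window_start(ts, window),) + tuple(row[f] for f in key_fields)
        g = groups[key]
        n = int(row["Flows"])
        g["flows"] += n
        g["packets"] += int(row["Packets"])
        g["bytes"] += parse_bytes(row["Bytes"])
        g["dst_ports"].add(row["Dst Pt"])
        g["dst_ips"].add(row["Dst IP Addr"])
        flags = row["Flags"]
        if "S" in flags and "A" not in flags:  # SYN without ACK: half-open probe
            g["syn_only"] += n
        g["classes"].add(row["class"])

    out = []
    for key, g in sorted(groups.items()):
        out.append({
            "window_start": key[0].strftime("%Y-%m-%d %H:%M:%S"),
            "key": key[1:],
            "flows": g["flows"],
            "packets": g["packets"],
            "bytes": g["bytes"],
            "distinct_dst_ports": len(g["dst_ports"]),
            "distinct_dst_ips": len(g["dst_ips"]),
            "syn_only_ratio": round(g["syn_only"] / g["flows"], 3),
            # Window label: any flow not marked normal makes the aggregate "attack".
            "label": "normal" if g["classes"] == {"normal"} else "attack",
        })
    return out


if __name__ == "__main__":
    for r in aggregate(SAMPLE):
        print(r)
```

Changing the `window` argument is the point of the exercise: with a 60 s window the four probes from 192.168.220.16 collapse into one row with four distinct destination ports and a SYN-only ratio of 1.0, while the same source at a 5 s window still forms one row but the benign host 192.168.100.5 splits into two. Which window size gives a classifier the most separable features is exactly what an aggregator like NTFA lets an operator evaluate; the feature set and labelling rule here are this example's choices, not the paper's.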

Original language: English
Title of host publication: Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023
Editors: Hind Zantout, Hani Ragab Hassen
Publisher: Springer
Pages: 21-28
Number of pages: 8
ISBN (Electronic): 9783031405983
ISBN (Print): 9783031405976
DOIs
Publication status: Published - 8 Sept 2023
Event: 2nd International Conference on Applied Cyber Security 2023 - Dubai, United Arab Emirates
Duration: 29 Apr 2023 → 29 Apr 2023

Publication series

Name: Lecture Notes in Networks and Systems
Volume: 760
ISSN (Print): 2367-3370
ISSN (Electronic): 2367-3389

Conference

Conference: 2nd International Conference on Applied Cyber Security 2023
Abbreviated title: ACS 2023
Country/Territory: United Arab Emirates
City: Dubai
Period: 29/04/23 → 29/04/23

Keywords

  • CIDDS
  • Netflow
  • Network Intrusion Detection

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Signal Processing
  • Computer Networks and Communications