Compartir
Título
Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models
Autor
Facultad/Centro
Área de conocimiento
Título de la revista
Sensors
Número de la revista
24
Cita Bibliográfica
Campazas-Vega, A., Crespo-Martínez, I. S., Guerrero-Higueras, Á. M., and Fernández-Llamas, C. (2020). Flow-data gathering using netflow sensors for fitting malicious-traffic detection models. Sensors (Switzerland), 20(24), 1-13. https://doi.org/10.3390/S20247294
Editorial
MDPI
Fecha
2020-12-18
Resumen
[EN] Advanced persistent threats (APTs) are a growing concern in cybersecurity. Many companies
and governments have reported incidents related to these threats. Throughout the life cycle of an
APT, one of the most commonly used techniques for gaining access is network attacks. Tools based on
machine learning are effective in detecting these attacks. However, researchers usually have problems
with finding suitable datasets for fitting their models. The problem is even harder when flow data are
required. In this paper, we describe a framework to gather flow datasets using a NetFlow sensor. We also
present the Docker-based framework for gathering netflow data (DOROTHEA), a Docker-based solution
implementing the above framework. This tool aims to easily generate taggable network traffic to build
suitable datasets for fitting classification models. In order to demonstrate that datasets gathered with
DOROTHEA can be used for fitting classification models for malicious-traffic detection, several models
were built using the model evaluator (MoEv), a general-purpose tool for training machine-learning
algorithms. After carrying out the experiments, four models obtained detection rates higher than 93%,
thus demonstrating the validity of the datasets gathered with the tool.
Materia
Palabras clave
Peer review
SI
ID proyecto
- info:eu-repo/grantAgreement/AEI/Programa Programa Estatal de I+D+i Orientada a los Retos de la Sociedad/RTI2018-100683-B-100/ES/DETECCION Y CARACTERIZACION AUTOMATICA DE PROBLEMAS DE CIBERSEGURIDAD EN PLATAFORMAS ROBOTICAS
- Instituto Nacional de Ciberseguridad de España (ADENDA 4: Detección de nuevas amenazas y patrones desconocidos (Red Regional de Ciencia y Tecnología)
URI
DOI
Aparece en las colecciones
- Artículos [4741]
Ficheros en el ítem
Tamaño:
673.0
xmlui.dri2xhtml.METS-1.0.size-kilobytes
Formato:
Adobe PDF