Attacks Detection on Sampled Netflow Traffic Through Image Analysis with Convolutional Neural Networks (CNN)

Abstract

The interest in attacks detection has increased significantly in recent years together with the internet traffic and connections. Due to the big amount of packages, it is not feasible to analyze the payload of every packet that goes through the network. In order to have a statistical solution, the NetFlow protocol was designed. The payload of the packets is not included in the information stored by this protocol, making the detection of malicious attacks more challenging. Furthermore, to alleviate the performance penalty generated by the NetFlow on the routers, the Sampled NetFlow was developed. Sampled NetFlow allows the system administrators to define the interval in which these flows are going to be gathered. In the literature, there are several approaches that make use of traditional Machine Learning methods like KNN or SVM. To the best of our knowledge, there is currently no study attempting to probe Convolutional Neural Network on Sampled NetFlow. In this paper, we present the results obtained using Convolutional Neural Network on flows of Sampled NetFlow v5 to fill this gap. Our approach was able to obtain 94.15% of accuracy on sampling rate of 500. Additionally the limitations of this technique are going to be discussed if the interval of the Sampled Netflow is greather than 500.