Network Attack Detection on Netflow Data using Machine Learning Techniques

The rapid growth of IT applications and providing more services on computer networks comes with security threats with malicious and business targets. One method to deal with network traffic analysis complexities is to analyze a summary of network data that is extracted from network connections. Netflow is a defacto standard for generating network flow data introduced by Cisco and integrated into Cisco switches and routers which produce flow records about underlying network traffic. In this paper, we use machine learning techniques to analyze Netflow data and classifying connections pertain to network attacks and do respective prevention measures after the classification. Machine learning algorithms including Naïve Bayes, SVM, and NBTree has been used to model different attacks based on network flow data. In the evaluation phase, KDDcup99 dataset used and related features to Netflow data are selected (7 features), and then, classification has been done with both original KDDcup99 features (41 features) and our selected Netflow features. Average classification accuracy for different 22 attack classes and one benign class shows that using just seven Netflow related features does not affect the accuracy obviously while the computation overhead is obviously decreased. Average detection accuracy for our selected features in different algorithms is 97% whereas, for the best case (i.e, SVM) with 41 features, the average accuracy is 99% which is not so much better than our less complex Netflow based method.