Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models
Advanced persistent threats (APTs) are a growing concern in cybersecurity. Many companies and governments have reported incidents related to these threats. Throughout the life cycle of an APT, one of the most commonly used techniques for gaining access is network attacks. Tools based on machine lear...
| Main authors: | Campazas-Vega, Adrián; Crespo-Martínez, Ignacio Samuel; Guerrero-Higueras, Ángel Manuel; Fernández-Llamas, Camino |
|---|---|
| Format: | Online Article Text |
| Language: | English |
| Published: | MDPI, 2020 |
| Subjects: | Article |
| Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7766632/ https://www.ncbi.nlm.nih.gov/pubmed/33353086 http://dx.doi.org/10.3390/s20247294 |
| Field | Value |
|---|---|
| _version_ | 1783628765076652032 |
author | Campazas-Vega, Adrián Crespo-Martínez, Ignacio Samuel Guerrero-Higueras, Ángel Manuel Fernández-Llamas, Camino |
author_facet | Campazas-Vega, Adrián Crespo-Martínez, Ignacio Samuel Guerrero-Higueras, Ángel Manuel Fernández-Llamas, Camino |
author_sort | Campazas-Vega, Adrián |
collection | PubMed |
description | Advanced persistent threats (APTs) are a growing concern in cybersecurity. Many companies and governments have reported incidents related to these threats. Throughout the life cycle of an APT, one of the most commonly used techniques for gaining access is network attacks. Tools based on machine learning are effective in detecting these attacks. However, researchers usually have problems with finding suitable datasets for fitting their models. The problem is even harder when flow data are required. In this paper, we describe a framework to gather flow datasets using a NetFlow sensor. We also present the Docker-based framework for gathering netflow data (DOROTHEA), a Docker-based solution implementing the above framework. This tool aims to easily generate taggable network traffic to build suitable datasets for fitting classification models. In order to demonstrate that datasets gathered with DOROTHEA can be used for fitting classification models for malicious-traffic detection, several models were built using the model evaluator (MoEv), a general-purpose tool for training machine-learning algorithms. After carrying out the experiments, four models obtained detection rates higher than 93%, thus demonstrating the validity of the datasets gathered with the tool. |
format | Online Article Text |
id | pubmed-7766632 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-77666322020-12-28 Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models Campazas-Vega, Adrián Crespo-Martínez, Ignacio Samuel Guerrero-Higueras, Ángel Manuel Fernández-Llamas, Camino Sensors (Basel) Article Advanced persistent threats (APTs) are a growing concern in cybersecurity. Many companies and governments have reported incidents related to these threats. Throughout the life cycle of an APT, one of the most commonly used techniques for gaining access is network attacks. Tools based on machine learning are effective in detecting these attacks. However, researchers usually have problems with finding suitable datasets for fitting their models. The problem is even harder when flow data are required. In this paper, we describe a framework to gather flow datasets using a NetFlow sensor. We also present the Docker-based framework for gathering netflow data (DOROTHEA), a Docker-based solution implementing the above framework. This tool aims to easily generate taggable network traffic to build suitable datasets for fitting classification models. In order to demonstrate that datasets gathered with DOROTHEA can be used for fitting classification models for malicious-traffic detection, several models were built using the model evaluator (MoEv), a general-purpose tool for training machine-learning algorithms. After carrying out the experiments, four models obtained detection rates higher than 93%, thus demonstrating the validity of the datasets gathered with the tool. MDPI 2020-12-18 /pmc/articles/PMC7766632/ /pubmed/33353086 http://dx.doi.org/10.3390/s20247294 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Campazas-Vega, Adrián Crespo-Martínez, Ignacio Samuel Guerrero-Higueras, Ángel Manuel Fernández-Llamas, Camino Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models |
title | Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models |
title_full | Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models |
title_fullStr | Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models |
title_full_unstemmed | Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models |
title_short | Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models |
title_sort | flow-data gathering using netflow sensors for fitting malicious-traffic detection models |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7766632/ https://www.ncbi.nlm.nih.gov/pubmed/33353086 http://dx.doi.org/10.3390/s20247294 |
work_keys_str_mv | AT campazasvegaadrian flowdatagatheringusingnetflowsensorsforfittingmalicioustrafficdetectionmodels AT crespomartinezignaciosamuel flowdatagatheringusingnetflowsensorsforfittingmalicioustrafficdetectionmodels AT guerrerohiguerasangelmanuel flowdatagatheringusingnetflowsensorsforfittingmalicioustrafficdetectionmodels AT fernandezllamascamino flowdatagatheringusingnetflowsensorsforfittingmalicioustrafficdetectionmodels |