With the growth of network connectivity and network sizes, the interest in traffic classification respectively attack and anomaly detection in network monitoring and security related activities have become very strong. In this paper, a new tool called DANAK has been developed for the detection of anomalies in Netflow records by referring to spatial and temporal information aggregation in combination with Machine Learning techniques. Spatially aggregated Netflow records are fed in a new designed kernel function in order to analyze Netflow records on context and quantitative information. To strengthen the analysis of large volumes of Netflow records, Phase Space Embedding and Machine Learning are applied. The proposed method has been validated by extensive experimentation on real data sets, including numerous attack strategies of different roots.
展开▼
