A Novel Approach to Network Traffic Analysis: the HERA tool
- URL: http://arxiv.org/abs/2501.07475v1
- Date: Mon, 13 Jan 2025 16:47:52 GMT
- Title: A Novel Approach to Network Traffic Analysis: the HERA tool
- Authors: Daniela Pinto, Ivone Amorim, Eva Maia, Isabel Praça
- Abstract summary: Cybersecurity threats highlight the need for robust network intrusion detection systems.
These systems rely heavily on datasets to train machine learning models capable of detecting patterns and predicting threats.
HERA is a new open-source tool that generates flow files and labelled or unlabelled datasets with user-defined features.
- Abstract: Cybersecurity threats highlight the need for robust network intrusion detection systems to identify malicious behaviour. These systems rely heavily on large datasets to train machine learning models capable of detecting patterns and predicting threats. In the past two decades, researchers have produced a multitude of datasets; however, some widely utilised recent datasets generated with CICFlowMeter contain inaccuracies. These result in flow generation and feature extraction inconsistencies, leading to skewed results and reduced system effectiveness. Other tools in this context lack ease of use, customizable feature sets, and flow labelling options. In this work, we introduce HERA, a new open-source tool that generates flow files and labelled or unlabelled datasets with user-defined features. Validated and tested with the UNSW-NB15 dataset, HERA demonstrated accurate flow and label generation.
Related papers
- NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records.
We address challenges such as unifying network feature representations, learning from large unlabeled traffic data volume, and testing on real downstream tasks in DDoS attack detection.
arXiv Detail & Related papers (2024-12-30T00:47:49Z)
- Flow Exporter Impact on Intelligent Intrusion Detection Systems [0.0]
High-quality datasets are critical for training machine learning models.
Inconsistencies in feature generation can hinder the accuracy and reliability of threat detection.
This paper investigates the impact of flow exporters on the performance and reliability of machine learning models for intrusion detection.
arXiv Detail & Related papers (2024-12-18T16:38:20Z)
- TII-SSRC-23 Dataset: Typological Exploration of Diverse Traffic Patterns for Intrusion Detection [0.5261718469769447]
Existing datasets often fall short, lacking the necessary diversity and alignment with the contemporary network environment.
This paper introduces TII-SSRC-23, a novel and comprehensive dataset designed to overcome these challenges.
arXiv Detail & Related papers (2023-09-14T05:23:36Z)
- Anomaly Detection Dataset for Industrial Control Systems [1.2234742322758418]
Industrial Control Systems (ICSs) have been targeted by cyberattacks and are becoming increasingly vulnerable.
The lack of suitable datasets for evaluating Machine Learning algorithms is a challenge.
This paper presents the 'ICS-Flow' dataset, which offers network data and process state variables logs for supervised and unsupervised ML-based IDS assessment.
arXiv Detail & Related papers (2023-05-11T14:52:19Z)
- Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view.
We have evaluated the mathematical model using two different datasets.
arXiv Detail & Related papers (2023-02-02T13:41:18Z)
- Neural Relation Graph: A Unified Framework for Identifying Label Noise and Outlier Data [44.64190826937705]
We present scalable algorithms for detecting label errors and outlier data based on the relational graph structure of data.
We also introduce a visualization tool that provides contextual information of a data point in the feature-embedded space.
Our approach achieves state-of-the-art detection performance on all tasks considered and demonstrates its effectiveness in large-scale real-world datasets.
arXiv Detail & Related papers (2023-01-29T02:09:13Z)
- DAE: Discriminatory Auto-Encoder for multivariate time-series anomaly detection in air transportation [68.8204255655161]
We propose a novel anomaly detection model called Discriminatory Auto-Encoder (DAE).
It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase.
Results show that the DAE achieves better results in both accuracy and speed of detection.
arXiv Detail & Related papers (2021-09-08T14:07:55Z)
- An Explainable Machine Learning-based Network Intrusion Detection System for Enabling Generalisability in Securing IoT Networks [0.0]
Machine Learning (ML)-based network intrusion detection systems bring many benefits for enhancing the security posture of an organisation.
Many systems have been designed and developed in the research community, often achieving a perfect detection rate when evaluated using certain datasets.
This paper tightens the gap by evaluating the generalisability of a common feature set to different network environments and attack types.
arXiv Detail & Related papers (2021-04-15T00:44:45Z)
- Supervised Feature Selection Techniques in Network Intrusion Detection: a Critical Review [9.177695323629896]
Machine Learning techniques are becoming an invaluable support for network intrusion detection.
Dealing with the vast diversity and number of features that typically characterize data traffic is a hard problem.
By reducing the feature space and retaining only the most significant features, Feature Selection (FS) becomes a crucial pre-processing step in network management.
arXiv Detail & Related papers (2021-04-11T08:42:01Z)
- Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
arXiv Detail & Related papers (2021-02-27T03:17:20Z)
- Contextual-Bandit Anomaly Detection for IoT Data in Distributed Hierarchical Edge Computing [65.78881372074983]
IoT devices can hardly afford complex deep neural networks (DNN) models, and offloading anomaly detection tasks to the cloud incurs long delay.
We propose and build a demo for an adaptive anomaly detection approach for distributed hierarchical edge computing (HEC) systems.
We show that our proposed approach significantly reduces detection delay without sacrificing accuracy, as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-04-15T06:13:33Z)