AI-Based Anomaly Detection and Classification of Traffic Using Netflow

Gustavo Gonzalez Granadillo; Nesrine Kaaniche

doi:10.5220/0013552700003979

AI-Based Anomaly Detection and Classification of Traffic Using Netflow

Gustavo Gonzalez Granadillo
, Nesrine Kaaniche

DCR Security Department

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9% in the best of the cases.

Original language	English
Title of host publication	Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025
Editors	Sabrina De Capitani Di Vimercati, Pierangela Samarati
Publisher	Science and Technology Publications, Lda
Pages	644-649
Number of pages	6
ISBN (Print)	9789897587603
DOIs	https://doi.org/10.5220/0013552700003979
Publication status	Published - 1 Jan 2025
Event	22nd International Conference on Security and Cryptography, SECRYPT 2025 - Bilbao, Spain Duration: 11 Jun 2025 → 13 Jun 2025

Publication series

Name	Proceedings of the International Conference on Security and Cryptography
Volume	1
ISSN (Print)	2184-7711

Conference

Conference	22nd International Conference on Security and Cryptography, SECRYPT 2025
Country/Territory	Spain
City	Bilbao
Period	11/06/25 → 13/06/25

Keywords

Anomaly Detection
Classification Algorithms
NetFlow
Network Traffic Behavior

Access to Document

10.5220/0013552700003979

Cite this

Granadillo, G. G., & Kaaniche, N. (2025). AI-Based Anomaly Detection and Classification of Traffic Using Netflow. In S. De Capitani Di Vimercati, & P. Samarati (Eds.), Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025 (pp. 644-649). (Proceedings of the International Conference on Security and Cryptography; Vol. 1). Science and Technology Publications, Lda. https://doi.org/10.5220/0013552700003979

Granadillo, Gustavo Gonzalez ; Kaaniche, Nesrine. / AI-Based Anomaly Detection and Classification of Traffic Using Netflow. Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. editor / Sabrina De Capitani Di Vimercati ; Pierangela Samarati. Science and Technology Publications, Lda, 2025. pp. 644-649 (Proceedings of the International Conference on Security and Cryptography).

@inproceedings{ffc52ebb3dd842a6aa821daf7a7db8d5,

title = "AI-Based Anomaly Detection and Classification of Traffic Using Netflow",

abstract = "Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9\% in the best of the cases.",

keywords = "Anomaly Detection, Classification Algorithms, NetFlow, Network Traffic Behavior",

author = "Granadillo, \{Gustavo Gonzalez\} and Nesrine Kaaniche",

note = "Publisher Copyright: {\textcopyright} 2025 by Paper published under CC license (CC BY-NC-ND 4.0).; 22nd International Conference on Security and Cryptography, SECRYPT 2025 ; Conference date: 11-06-2025 Through 13-06-2025",

year = "2025",

month = jan,

day = "1",

doi = "10.5220/0013552700003979",

language = "English",

isbn = "9789897587603",

series = "Proceedings of the International Conference on Security and Cryptography",

publisher = "Science and Technology Publications, Lda",

pages = "644--649",

editor = "\{De Capitani Di Vimercati\}, Sabrina and Pierangela Samarati",

booktitle = "Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025",

}

Granadillo, GG & Kaaniche, N 2025, AI-Based Anomaly Detection and Classification of Traffic Using Netflow. in S De Capitani Di Vimercati & P Samarati (eds), Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. Proceedings of the International Conference on Security and Cryptography, vol. 1, Science and Technology Publications, Lda, pp. 644-649, 22nd International Conference on Security and Cryptography, SECRYPT 2025, Bilbao, Spain, 11/06/25. https://doi.org/10.5220/0013552700003979

AI-Based Anomaly Detection and Classification of Traffic Using Netflow. / Granadillo, Gustavo Gonzalez; Kaaniche, Nesrine.
Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. ed. / Sabrina De Capitani Di Vimercati; Pierangela Samarati. Science and Technology Publications, Lda, 2025. p. 644-649 (Proceedings of the International Conference on Security and Cryptography; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - AI-Based Anomaly Detection and Classification of Traffic Using Netflow

AU - Granadillo, Gustavo Gonzalez

AU - Kaaniche, Nesrine

PY - 2025/1/1

Y1 - 2025/1/1

N2 - Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9% in the best of the cases.

AB - Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9% in the best of the cases.

KW - Anomaly Detection

KW - Classification Algorithms

KW - NetFlow

KW - Network Traffic Behavior

UR - https://www.scopus.com/pages/publications/105010458374

U2 - 10.5220/0013552700003979

DO - 10.5220/0013552700003979

M3 - Conference contribution

AN - SCOPUS:105010458374

SN - 9789897587603

T3 - Proceedings of the International Conference on Security and Cryptography

SP - 644

EP - 649

BT - Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025

A2 - De Capitani Di Vimercati, Sabrina

A2 - Samarati, Pierangela

PB - Science and Technology Publications, Lda

T2 - 22nd International Conference on Security and Cryptography, SECRYPT 2025

Y2 - 11 June 2025 through 13 June 2025

ER -

Granadillo GG, Kaaniche N. AI-Based Anomaly Detection and Classification of Traffic Using Netflow. In De Capitani Di Vimercati S, Samarati P, editors, Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. Science and Technology Publications, Lda. 2025. p. 644-649. (Proceedings of the International Conference on Security and Cryptography). doi: 10.5220/0013552700003979

AI-Based Anomaly Detection and Classification of Traffic Using Netflow

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this