AI-Based Anomaly Detection and Classification of Traffic Using Netflow

Gustavo Gonzalez Granadillo; Nesrine Kaaniche

doi:10.5220/0013552700003979

AI-Based Anomaly Detection and Classification of Traffic Using Netflow

Gustavo Gonzalez Granadillo
, Nesrine Kaaniche

DCR Security Department

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9% in the best of the cases.

langue originale	Anglais
titre	Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025
rédacteurs en chef	Sabrina De Capitani Di Vimercati, Pierangela Samarati
Editeur	Science and Technology Publications, Lda
Pages	644-649
Nombre de pages	6
ISBN (imprimé)	9789897587603
Les DOIs	https://doi.org/10.5220/0013552700003979
état	Publié - 1 janv. 2025
Evénement	22nd International Conference on Security and Cryptography, SECRYPT 2025 - Bilbao, Espagne Durée: 11 juin 2025 → 13 juin 2025

Série de publications

Nom	Proceedings of the International Conference on Security and Cryptography
Volume	1
ISSN (imprimé)	2184-7711

Une conférence

Une conférence	22nd International Conference on Security and Cryptography, SECRYPT 2025
Pays/Territoire	Espagne
La ville	Bilbao
période	11/06/25 → 13/06/25

Accès au document

10.5220/0013552700003979

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Granadillo, G. G., & Kaaniche, N. (2025). AI-Based Anomaly Detection and Classification of Traffic Using Netflow. Dans S. De Capitani Di Vimercati, & P. Samarati (eds.), Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025 (p. 644-649). (Proceedings of the International Conference on Security and Cryptography; Vol 1). Science and Technology Publications, Lda. https://doi.org/10.5220/0013552700003979

Granadillo, Gustavo Gonzalez ; Kaaniche, Nesrine. / AI-Based Anomaly Detection and Classification of Traffic Using Netflow. Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. Editeur / Sabrina De Capitani Di Vimercati ; Pierangela Samarati. Science and Technology Publications, Lda, 2025. p. 644-649 (Proceedings of the International Conference on Security and Cryptography).

@inproceedings{ffc52ebb3dd842a6aa821daf7a7db8d5,

title = "AI-Based Anomaly Detection and Classification of Traffic Using Netflow",

abstract = "Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9\% in the best of the cases.",

keywords = "Anomaly Detection, Classification Algorithms, NetFlow, Network Traffic Behavior",

author = "Granadillo, \{Gustavo Gonzalez\} and Nesrine Kaaniche",

note = "Publisher Copyright: {\textcopyright} 2025 by Paper published under CC license (CC BY-NC-ND 4.0).; 22nd International Conference on Security and Cryptography, SECRYPT 2025 ; Conference date: 11-06-2025 Through 13-06-2025",

year = "2025",

month = jan,

day = "1",

doi = "10.5220/0013552700003979",

language = "English",

isbn = "9789897587603",

series = "Proceedings of the International Conference on Security and Cryptography",

publisher = "Science and Technology Publications, Lda",

pages = "644--649",

editor = "\{De Capitani Di Vimercati\}, Sabrina and Pierangela Samarati",

booktitle = "Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025",

}

Granadillo, GG & Kaaniche, N 2025, AI-Based Anomaly Detection and Classification of Traffic Using Netflow. Dans S De Capitani Di Vimercati & P Samarati (eds), Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. Proceedings of the International Conference on Security and Cryptography, VOL. 1, Science and Technology Publications, Lda, p. 644-649, 22nd International Conference on Security and Cryptography, SECRYPT 2025, Bilbao, Espagne, 11/06/25. https://doi.org/10.5220/0013552700003979

AI-Based Anomaly Detection and Classification of Traffic Using Netflow. / Granadillo, Gustavo Gonzalez; Kaaniche, Nesrine.
Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. Ed. / Sabrina De Capitani Di Vimercati; Pierangela Samarati. Science and Technology Publications, Lda, 2025. p. 644-649 (Proceedings of the International Conference on Security and Cryptography; Vol 1).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - AI-Based Anomaly Detection and Classification of Traffic Using Netflow

AU - Granadillo, Gustavo Gonzalez

AU - Kaaniche, Nesrine

PY - 2025/1/1

Y1 - 2025/1/1

N2 - Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9% in the best of the cases.

AB - Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9% in the best of the cases.

KW - Anomaly Detection

KW - Classification Algorithms

KW - NetFlow

KW - Network Traffic Behavior

UR - https://www.scopus.com/pages/publications/105010458374

U2 - 10.5220/0013552700003979

DO - 10.5220/0013552700003979

M3 - Conference contribution

AN - SCOPUS:105010458374

SN - 9789897587603

T3 - Proceedings of the International Conference on Security and Cryptography

SP - 644

EP - 649

BT - Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025

A2 - De Capitani Di Vimercati, Sabrina

A2 - Samarati, Pierangela

PB - Science and Technology Publications, Lda

T2 - 22nd International Conference on Security and Cryptography, SECRYPT 2025

Y2 - 11 June 2025 through 13 June 2025

ER -

Granadillo GG, Kaaniche N. AI-Based Anomaly Detection and Classification of Traffic Using Netflow. Dans De Capitani Di Vimercati S, Samarati P, rédacteurs en chef, Proceedings of the 22nd International Conference on Security and Cryptography, SECRYPT 2025. Science and Technology Publications, Lda. 2025. p. 644-649. (Proceedings of the International Conference on Security and Cryptography). doi: 10.5220/0013552700003979

AI-Based Anomaly Detection and Classification of Traffic Using Netflow

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation