Daniel Gónzalez-Sánchez, I. D. Martinez-Casanueva, A. Pastor, Luis Bellido Triana, Cristina Pinar Muñoz Zamarro, Alejandro Antonio Moreno Sancho, David Fernández Cambronero, Diego R. López
2022 IEEE 8th International Conference on Network Softwarization (NetSoft), published 2022-06-27. DOI: 10.1109/NetSoft54395.2022.9844107 (https://doi.org/10.1109/NetSoft54395.2022.9844107)
Model-Driven Network Monitoring Using NetFlow Applied to Threat Detection
In recent years, several research works have proposed analyzing network flow information with machine learning in order to detect threats or anomalous activities. Among the sources of such information, NetFlow-based systems stand out as one of the main ones. In these systems, NetFlow collectors provide the flow monitoring information to be analyzed, but the structure and format of that information differ from one collector implementation to another, which is a recurring problem. In this paper, a new YANG data model is proposed as a standard model for consuming NetFlow-based monitoring data. To validate the proposal, a NetFlow collector incorporating the proposed NetFlow YANG model has been developed and integrated into a network scenario in which network flows are analyzed to detect malicious cryptomining activity. This collector extends an existing one, and provides design patterns for incorporating other existing collectors into this common data model. Our results show how, by using the YANG modeling language, network flow information can be handled and aggregated in a formal and unified way that provides flexibility and facilitates data analysis applied to threat detection.