Machine Learning Approach for IP-Flow Record Anomaly Detection
Faced with continuously arising new threats, the detection of anomalies in current operational networks has become essential. Network operators have to deal with huge data volumes for analysis purposes. To counter this main issue, dealing with IP flow (also known as Netflow) records is common in network management. However, even in modern networks, Netflow records still represent a high volume of data. In this paper, the authors present an approach for evaluating Netflow records by referring to a method of temporal aggregation applied to Machine Learning techniques. They present an approach that leverages support vector machines in order to analyze large volumes of Netflow records.