NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph
Figuring the network's hidden abnormal behavior can reduce network vulnerability. This paper presents a detailed architecture in which the collected log data of the network can be processed and analyzed. We process and integrate on-campus network information from every router and store the inte...
Main Authors: | Chao-Tung Yang, Jung-Chun Liu, Endah Kristiani, Ming-Lun Liu, Ilsun You, Giovanni Pau |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8949457/ |
_version_ | 1818665315552198656 |
---|---|
author | Chao-Tung Yang Jung-Chun Liu Endah Kristiani Ming-Lun Liu Ilsun You Giovanni Pau |
author_facet | Chao-Tung Yang Jung-Chun Liu Endah Kristiani Ming-Lun Liu Ilsun You Giovanni Pau |
author_sort | Chao-Tung Yang |
collection | DOAJ |
description | Figuring the network's hidden abnormal behavior can reduce network vulnerability. This paper presents a detailed architecture in which the collected log data of the network can be processed and analyzed. We process and integrate on-campus network information from every router and store the integrated NetFlow log data. Ceph is used as an open-source distributed storage platform that offers high efficiency, high reliability, scalability, and preliminary preprocessing of raw data with Python, removing redundant areas and unification. In the subanalysis, we discover the anomaly event and absolute flow by three times of standard deviation rule. Keras has been used to classify in-time data collected via a cyber-attack and to construct an automatic identifier template through the Recurring Neural Network (RNN) test. The identification accuracy of the optimization model is around 98% in attack detection. Finally, in the MySQL server, the results of the real-time evaluation can be obtained, and the results of the assessment can be displayed via ECharts. |
first_indexed | 2024-12-17T05:46:41Z |
format | Article |
id | doaj.art-a10b984bf4374e17981abc31a9961bef |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-17T05:46:41Z |
publishDate | 2020-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-a10b984bf4374e17981abc31a9961bef; 2022-12-21T22:01:18Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 7842; 7850; 10.1109/ACCESS.2019.2963716; 8949457; NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph; Chao-Tung Yang 0 https://orcid.org/0000-0002-9579-4426; Jung-Chun Liu 1 https://orcid.org/0000-0002-9361-4719; Endah Kristiani 2 https://orcid.org/0000-0003-2925-2992; Ming-Lun Liu 3 https://orcid.org/0000-0001-5664-4508; Ilsun You 4 https://orcid.org/0000-0002-0604-3445; Giovanni Pau 5 https://orcid.org/0000-0002-5798-398X; Department of Computer Science, Tunghai University, Taichung City, Taiwan; Department of Computer Science, Tunghai University, Taichung City, Taiwan; Department of Industrial Engineering and Enterprise Information, Tunghai University, Taichung City, Taiwan; Department of Computer Science, Tunghai University, Taichung City, Taiwan; Department of Information Security Engineering, Soonchunhyang University, Asan-si, South Korea; Faculty of Engineering and Architecture, Kore University of Enna, Enna, Italy; Figuring the network's hidden abnormal behavior can reduce network vulnerability. This paper presents a detailed architecture in which the collected log data of the network can be processed and analyzed. We process and integrate on-campus network information from every router and store the integrated NetFlow log data. Ceph is used as an open-source distributed storage platform that offers high efficiency, high reliability, scalability, and preliminary preprocessing of raw data with Python, removing redundant areas and unification. In the subanalysis, we discover the anomaly event and absolute flow by three times of standard deviation rule. Keras has been used to classify in-time data collected via a cyber-attack and to construct an automatic identifier template through the Recurring Neural Network (RNN) test. The identification accuracy of the optimization model is around 98% in attack detection. Finally, in the MySQL server, the results of the real-time evaluation can be obtained, and the results of the assessment can be displayed via ECharts.; https://ieeexplore.ieee.org/document/8949457/; Data storage; ceph; deep learning; cyberattack; netflow log |
spellingShingle | Chao-Tung Yang Jung-Chun Liu Endah Kristiani Ming-Lun Liu Ilsun You Giovanni Pau NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph IEEE Access Data storage ceph deep learning cyberattack netflow log |
title | NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph |
title_full | NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph |
title_fullStr | NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph |
title_full_unstemmed | NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph |
title_short | NetFlow Monitoring and Cyberattack Detection Using Deep Learning With Ceph |
title_sort | netflow monitoring and cyberattack detection using deep learning with ceph |
topic | Data storage ceph deep learning cyberattack netflow log |
url | https://ieeexplore.ieee.org/document/8949457/ |
work_keys_str_mv | AT chaotungyang netflowmonitoringandcyberattackdetectionusingdeeplearningwithceph AT jungchunliu netflowmonitoringandcyberattackdetectionusingdeeplearningwithceph AT endahkristiani netflowmonitoringandcyberattackdetectionusingdeeplearningwithceph AT minglunliu netflowmonitoringandcyberattackdetectionusingdeeplearningwithceph AT ilsunyou netflowmonitoringandcyberattackdetectionusingdeeplearningwithceph AT giovannipau netflowmonitoringandcyberattackdetectionusingdeeplearningwithceph |