Skip to main content
Conference ProceedingsOPEN ACCESS

Detecting Abnormal Interactions among Intranet Groups Based on Netflow Data

IOP Conference Series: Earth and Environmental Science (2020) 428(1)
DOI: 10.1088/1755-1315/428/1/012039
1Citations
Citations of this article
6Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

This paper proposes a method for detecting abnormal interactions among intranet groups based on netflow data. Firstly, the netflows of each group are aggregated, and two anomaly detection indicators are constructed, i.e., the group network traffic and the uncertainty of group network traffic distribution. Secondly, the time series of two anomaly detection indicators of each group are analyzed, and four prediction models are used for prediction. Finally, the best-performing model is selected as the prediction benchmark, and the difference between the predicted result and the real data is used to detect whether there is an interaction anomaly among groups. The experimental results show that the proposed method can effectively detect the abnormal interaction among groups in intranet.

Cite

CITATION STYLE

APA

Yu, T., & Yue, R. (2020). Detecting Abnormal Interactions among Intranet Groups Based on Netflow Data. In IOP Conference Series: Earth and Environmental Science (Vol. 428). Institute of Physics Publishing. https://doi.org/10.1088/1755-1315/428/1/012039

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free