Challenges in Identifying Network Attacks Using Netflow Data

Edward Chuah, Neeraj Suri, Arshad Jhumka, Samantha Alt

Research output: Chapter in Book/Report/Conference proceedingPublished conference contribution

1 Citation (Scopus)


Large networks often encounter attacks that can affect the network availability. While multiple techniques exist to detect network attacks, a comprehensive understanding of how an attack occurs considering the various layers and components of the network software stack, can be an important element to help improve network security. By performing correlation analysis on contemporary unlabeled Netflow data, this paper conducts a comprehensive study of network flow events to identify communication patterns that may precede an attack, thereby providing potentially useful attack signatures to network administrators. Our work shows that, surprisingly, the Netflow data is not strongly correlated to network attacks. We observe that while spoof requests trigger reflection attacks, only a small percentage of the network packets are associated with the attack. Furthermore, lead time enhancements are feasible for reflection attacks that show long dwell times. Our study on network event correlations highlights empirical observations that could facilitate better attack handling in large networks.
Original languageEnglish
Title of host publication2021 IEEE 20th International Symposium on Network Computing and Applications (NCA)
Publication statusPublished - 31 Jan 2022


Dive into the research topics of 'Challenges in Identifying Network Attacks Using Netflow Data'. Together they form a unique fingerprint.

Cite this