Temporal Analysis of NetFlow Datasets for Network Intrusion Detection Systems
This work addresses a data gap for researchers and practitioners in network security, though it is incremental as it builds on known needs for temporal analysis.
This paper tackles the lack of temporal features in existing NetFlow datasets for network intrusion detection systems by creating new datasets that incorporate these features, and it finds that many attacks have unique temporal patterns that could aid machine learning models.
This paper investigates the temporal analysis of NetFlow datasets for machine learning (ML)-based network intrusion detection systems (NIDS). Although many previous studies have highlighted the critical role of temporal features, such as inter-packet arrival time and flow length/duration, in NIDS, the currently available NetFlow datasets for NIDS lack these temporal features. This study addresses this gap by creating and making publicly available a set of NetFlow datasets that incorporate these temporal features [1]. With these temporal features, we provide a comprehensive temporal analysis of NetFlow datasets by examining the distribution of various features over time and presenting time-series representations of NetFlow features. This temporal analysis has not been previously provided in the existing literature. We also borrowed an idea from signal processing, time frequency analysis, and tested it to see how different the time frequency signal presentations (TFSPs) are for various attacks. The results indicate that many attacks have unique patterns, which could help ML models to identify them more easily.