AI-Based Anomaly Detection and Classification of Traffic Using Netflow
Gustavo Gonzalez Granadillo, Nesrine Kaaniche
2025
Abstract
Anomalies manifest differently in network statistics, making it difficult to develop generalized models for normal network behaviors and anomalies. This paper analyzes various Machine Learning (ML) and Deep Learning (DL) algorithms employing supervised techniques for both binary and multi-class classification of network traffic. Experiments have been conducted using a validated NetFlow-based dataset containing over 31 million incoming and outgoing network connections of an IT infrastructure. Preliminary results indicate that no single model effectively detects all cyber-attacks. However, selected models for binary and multi-class classification show promising results, achieving performance levels of up to 99.9% in the best cases.
Paper Citation
in Harvard Style
Granadillo G. and Kaaniche N. (2025). AI-Based Anomaly Detection and Classification of Traffic Using Netflow. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 644-649. DOI: 10.5220/0013552700003979
in Bibtex Style
@conference{secrypt25,
author={Gustavo Granadillo and Nesrine Kaaniche},
title={AI-Based Anomaly Detection and Classification of Traffic Using Netflow},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={644-649},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013552700003979},
isbn={978-989-758-760-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - AI-Based Anomaly Detection and Classification of Traffic Using Netflow
SN - 978-989-758-760-3
AU - Granadillo G.
AU - Kaaniche N.
PY - 2025
SP - 644
EP - 649
DO - 10.5220/0013552700003979
PB - SciTePress