Title: Supporting features for flow-level packet analysis towards cyber threat detection: a pilot study

Authors: Emmanuel C. Ogu; Olusegun A. Ojesanmi; Oludele Awodele; Shade O. Kuyoro

Addresses: Department of Computer Science, School of Computing and Engineering Sciences, Babcock University, Ilishan-Remo, Ogun State, Nigeria; Department of Computer Science, College of Sciences, Federal University of Agriculture, Abeokuta, Ogun State, Nigeria; Department of Computer Science, School of Computing and Engineering Sciences, Babcock University, Ilishan-Remo, Ogun State, Nigeria; Department of Computer Science, School of Computing and Engineering Sciences, Babcock University, Ilishan-Remo, Ogun State, Nigeria

Abstract: Thousands of new threats and threat categories emerge every second in cyberspace, even as known threats keep adapting robustly to existing solutions, thus challenging modern approaches to threat detection. While many contemporary detection solutions continue to rely largely on flow-level packet analysis by monitoring trends and patterns of activity in supporting flow features of interest, little attention has been paid to whether such supporting flow features still present an effective means of reaching accurate conclusions regarding imminent or occurrent cyber threat incidents, especially in light of the rapidly evolving threat landscape. Hence, this pilot study reinvestigates four commonly-used supporting flow features in modern threat detection solutions, viz.: flow packet count, flow packet throughput (bytes/s), flow packet throughput (packets/s) and average flow packet size (bytes), to ascertain/verify their continued relevance for cyber threat detection. The study adopts the methodology of data simulation with descriptive infographic analysis using the UNSW-NB15 dataset.

Keywords: threat intelligence; cyber threats; packet analysis; flow features; threat detection; cyber security; network security; computer security; information security; cyber threat detection.

DOI: 10.1504/IJICS.2021.117399

International Journal of Information and Computer Security, 2021 Vol.16 No.1/2, pp.137 - 149

Received: 22 Aug 2018
Accepted: 30 Nov 2018

Published online: 27 Aug 2021
