ABSTRACT

This chapter presents an approach to detecting malicious traffic, including traffic belonging to previously unseen attacks, and to identifying the malicious hosts involved, by inspecting network flows. Network security is improved by applying a combination of unsupervised machine learning techniques to flow records in order to detect intrusions. Network flow technology is built into network devices, so the network administrator can select, from all the traffic passing through a device, the flows that match a set of previously defined features and thus obtain exactly the traffic to be analyzed. The proposed approach detects unknown network attacks under two assumptions: that the majority of the observed traffic is benign rather than malicious, and that malicious traffic is qualitatively different from regular, normal traffic. The system is based on the analysis of network flows rather than full packet captures, which is what makes it capable of analyzing the links carried by those devices.
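As an added illustration of the two assumptions stated above (this is example code written for this page, not the chapter's own implementation; the abstract does not specify the feature set or the learning method actually used), the following Python first applies an administrator-defined flow selection, then builds one feature vector per source host from constructed flow records and scores each host with an unsupervised, robust distance built from the median and median absolute deviation (MAD) across hosts. Both statistics follow the bulk of the population, which is exactly where the "majority of the traffic is benign" assumption enters: a host that is qualitatively different from that bulk lands far from the centre on several features at once. The flow records, the five features, the 10.0.0.0/24 selection and the threshold are assumptions made for the example.

```python
"""Added example: unsupervised, flow-based detection of anomalous hosts.

Flow records are constructed for this example; the feature set, the
median/MAD scoring and the threshold are assumptions, not the chapter's method.
"""
import ipaddress
import math
from collections import defaultdict
from statistics import median

# Constructed flow records (not real data): (src_ip, dst_ip, dst_port, packets, bytes).
FLOWS = []

# Eight ordinary clients: three HTTPS flows to a few servers plus one DNS lookup each.
for i in range(1, 9):
    src = f"10.0.0.{i}"
    for j in range(3):
        FLOWS.append((src, f"93.184.216.{10 + j}", 443, 20 + i, 15000 + 500 * i))
    FLOWS.append((src, "10.0.0.53", 53, 2, 180))

# A port scanner: one tiny flow to each of 40 ports on a single target.
for port in range(1, 41):
    FLOWS.append(("10.0.0.99", "10.0.0.200", port, 1, 44))

# An exfiltrating host: few flows, but each moves an unusual amount of data.
for _ in range(3):
    FLOWS.append(("10.0.0.77", "203.0.113.9", 443, 4000, 5_000_000))

# A host outside the monitored prefix; it is dropped by the administrator's selection.
FLOWS.append(("172.16.5.5", "93.184.216.10", 443, 30, 20000))

FEATURE_NAMES = ("flows", "dst_hosts", "dst_ports", "bytes_per_flow", "tiny_flow_ratio")


def select_flows(flows, src_prefix):
    """Keep only flows whose source lies in the prefix the administrator wants analyzed."""
    net = ipaddress.ip_network(src_prefix)
    return [f for f in flows if ipaddress.ip_address(f[0]) in net]


def host_features(flows):
    """Aggregate flow records into one feature vector per source host."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f[0]].append(f)
    feats = {}
    for src, fl in by_src.items():
        n = len(fl)
        feats[src] = (
            float(n),                                   # how many flows the host opened
            float(len({f[1] for f in fl})),             # distinct destinations
            float(len({f[2] for f in fl})),             # distinct destination ports
            sum(f[4] for f in fl) / n,                  # mean bytes per flow
            sum(1 for f in fl if f[3] <= 2) / n,        # share of 1-2 packet flows (probe-like)
        )
    return feats


def robust_scale(values):
    """Return (median, scale); scale is 1.4826*MAD, the MAD-based estimate of sigma.

    Median and MAD ignore the tails, so they are set by the majority of hosts.
    This is the 'majority is benign' assumption in numerical form: if attackers
    were more than half the population, the centre would follow them instead.
    """
    m = median(values)
    mad = median(abs(v - m) for v in values)
    scale = 1.4826 * mad
    if scale == 0.0:
        # Feature identical for more than half the hosts (common in small samples);
        # fall back to the mean absolute deviation so outliers still get a score.
        scale = sum(abs(v - m) for v in values) / len(values)
    return m, scale


def score_hosts(feats):
    """Anomaly score per host: Euclidean norm of its per-feature robust z-scores."""
    hosts = list(feats)
    centres = [robust_scale([feats[h][k] for h in hosts]) for k in range(len(FEATURE_NAMES))]
    scores = {}
    for h in hosts:
        zs = [0.0 if s == 0.0 else (feats[h][k] - m) / s for k, (m, s) in enumerate(centres)]
        scores[h] = math.sqrt(sum(z * z for z in zs))
    return scores


def flag_anomalous(flows, src_prefix="10.0.0.0/24", threshold=10.0):
    """Hosts whose score exceeds the (assumed) threshold, most anomalous first."""
    scores = score_hosts(host_features(select_flows(flows, src_prefix)))
    return sorted((h for h, s in scores.items() if s > threshold), key=lambda h: -scores[h])


if __name__ == "__main__":
    for host, score in sorted(score_hosts(host_features(select_flows(FLOWS, "10.0.0.0/24"))).items(),
                              key=lambda kv: -kv[1]):
        print(f"{host:12s} score={score:10.2f}")
    print("flagged:", flag_anomalous(FLOWS))
```

The scanner and the exfiltrating host are anomalous on different features (many ports and tiny flows versus very large flows), which is why the score combines several features rather than thresholding one; the benign hosts differ from each other only in bytes per flow and stay well below the threshold. The MAD fallback is the edge case to watch in practice: on a small or very homogeneous population a feature can be constant for most hosts, and without a fallback every host's score on that feature becomes undefined.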