Sold by: VyoPath
Deployed on AWS
Free Trial
NetFlow Machine-Learning based Network Intrusion Detection System
Overview
Machine-Learning-based Network Intrusion Detection System (NIDS) meant to be used with NetFlow traffic. Given an input flow, this will return the threat type alongside the confidence of the prediction. It is capable of detecting 4 main network traffic classes: Benign, Brute Force, DDoS, and DoS.
Accuracy: ~93%
Highlights
- Most important use cases: * NetFlow network intrusion detection system * NetFlow network analysis * Threat detection
- The model was trained with over 2.4M live and synthetic events. * Benign: means that the input NetFlow record does not belong to any attack class, in other words, is normal traffic. * Brute force: the record belongs to a possible Brute Force attack. * DDoS: the record belongs to a possible Distributed Denial of Service attack. * DoS: the record belongs to a possible Denial of Service attack.
- Model performance on validation data: * Overall accuracy (binary detection): ~93% * Processing Speed 93K events: 5 sec Note: binary detection means the ability of the model to detect a benign event vs all the attacks categories gathered into only one ‘attack’ label.
Details
Sold by
Categories
Delivery method
Latest version
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 5 days according to the free trial terms set by the vendor.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/host/hour |
|---|---|---|
ml.c5.2xlarge Inference (Batch) Recommended | Model inference on the ml.c5.2xlarge instance type, batch mode | $0.50 |
ml.c5.xlarge Inference (Real-Time) Recommended | Model inference on the ml.c5.xlarge instance type, real-time mode | $0.25 |
ml.c5.xlarge Inference (Batch) | Model inference on the ml.c5.xlarge instance type, batch mode | $0.50 |
ml.c5.4xlarge Inference (Batch) | Model inference on the ml.c5.4xlarge instance type, batch mode | $0.50 |
ml.c5.2xlarge Inference (Real-Time) | Model inference on the ml.c5.2xlarge instance type, real-time mode | $0.25 |
ml.c5.large Inference (Real-Time) | Model inference on the ml.c5.large instance type, real-time mode | $0.25 |
Vendor refund policy
We do not at this time accept refunds for used resources, but you may cancel your subscription at any time. If you have any concerns, questions, or feedback, please email info@vyopath.com
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Amazon SageMaker model
An Amazon SageMaker model package is a pre-trained machine learning model ready to use without additional training. Use the model package to create a model on Amazon SageMaker for real-time inference or batch processing. Amazon SageMaker is a fully managed platform for building, training, and deploying machine learning models at scale.
Deploy the model on Amazon SageMaker AI using the following options:
Version release notes
- New ML model. Trained with events captured from live data capture.
- Improved detection accuracy for Brute Force and SSH DoS events. Now is over 90%
Additional details
Inputs
- Summary
The model accepts either application/json or text/csv.
The ML model was trained with all the Cisco Netflow V5 fields.
The fields must be in the following order: 'srcaddr', 'dstaddr', 'nexthop',input', 'output', 'dPkts','dOctets', 'first', 'last', 'srcport', 'dstport', 'tcp_flags', 'prot', 'tos', 'src_as', 'dst_as', 'src_mask', 'dst_mask'.
More information about the description and meaning of each field here .
- Limitations for input type
- Only allows IPv4 protocol.
- Input MIME type
- text/csv, application/json
https://github.com/vyopath/aws-sagemaker-flow-threat-detection/tree/main/data/input/real-time
https://github.com/vyopath/aws-sagemaker-flow-threat-detection/tree/main/data/input/batch
Input data descriptions
The following table describes supported input data fields for real-time inference and batch transform.
Field name | Description | Constraints | Required |
|---|---|---|---|
srcaddr | Source IP address | Type: FreeText
Limitations: IPv4 only | Yes |
dstaddr | Destination IP address | Type: FreeText
Limitations: IPv4 only | Yes |
nexthop | IP address of next hop router | Type: FreeText
Limitations: IPv4 only | Yes |
input | SNMP index of input interface | Type: Integer | Yes |
output | SNMP index of output interface
| Type: Integer | Yes |
dPkts | Packets in the flow
| Type: Integer | Yes |
dOctets | Total number of Layer 3 bytes in the packets of the flow
| Type: Integer | Yes |
first | SysUptime at start of flow
| Type: Integer | Yes |
last | SysUptime at the time the last packet of the flow was received
| Type: Integer | Yes |
srcport | TCP/UDP source port number or equivalent
| Type: Integer | Yes |
Resources
Vendor resources
Support
Vendor support
Email: info@vyopath.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
NetFlow Machine-Learning based Network Intrusion Detection System with post-processing enhancement
IBM QRadar SIEM empowers security analysts and security operations teams with the visibility, automation and insights needed to quickly detect anomalies and uncover advanced threats in real-time.
Expand your coverage against command and control, web-based, file-based, DNS protocol, and other threats with industries most advanced cloud delivered security services that protect your AWS workloads, VDIs and user traffic with AI/ML-powered VM-Series virtual firewalls from Palo Alto Networks. This listing includes 24x7 Premium Support.
Next generation SIEM that provides a unified platform to collect, correlate and manage massive amounts of log data in the context of your IT infrastructure
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.