Sold by: VyoPath
Deployed on AWS
Free Trial
NetFlow Machine-Learning based Network Intrusion Detection System with post-processing enhancement
Overview
Machine-Learning-based Network Intrusion Detection System (NIDS) meant to be used with NetFlow traffic. Given an input flow, this will return the threat type alongside the confidence of the prediction. It is capable of detecting 4 main network traffic classes: Benign, Brute Force, DDoS, and DoS.
Post-processing improves accuracy by 4% over Flow Threat Detection, however inference speed is diminished.
WARNING...Post-processing is performed against each individual "batch" of records sent to the model for processing. A batch of many records would benefit from post-processing. A "batch" of 1 record would not benefit from post-processing.
Highlights
- Most important use cases: * NetFlow network intrusion detection system * NetFlow network analysis * Threat detection
- The model was trained with over 2.4M live and synthetic events. * Benign: means that the input NetFlow record does not belong to any attack class, in other words, is normal traffic. * Brute force: the record belongs to a possible Brute Force attack. * DDoS: the record belongs to a possible Distributed Denial of Service attack. * DoS: the record belongs to a possible Denial of Service attack.
- Model performance on validation data: * Overall accuracy (binary detection): ~97% * Processing Speed 93K events: 65 sec Note: binary detection means the ability of the model to detect a benign event vs all the attacks categories gathered into only one ‘attack’ label.
Details
Sold by
Categories
Delivery method
Latest version
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 5 days according to the free trial terms set by the vendor.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/host/hour |
|---|---|---|
ml.c5.2xlarge Inference (Batch) Recommended | Model inference on the ml.c5.2xlarge instance type, batch mode | $0.50 |
ml.c5.xlarge Inference (Real-Time) Recommended | Model inference on the ml.c5.xlarge instance type, real-time mode | $0.25 |
ml.c5.xlarge Inference (Batch) | Model inference on the ml.c5.xlarge instance type, batch mode | $0.50 |
ml.c5.4xlarge Inference (Batch) | Model inference on the ml.c5.4xlarge instance type, batch mode | $0.50 |
ml.c5.2xlarge Inference (Real-Time) | Model inference on the ml.c5.2xlarge instance type, real-time mode | $0.25 |
ml.c5.large Inference (Real-Time) | Model inference on the ml.c5.large instance type, real-time mode | $0.25 |
Vendor refund policy
We do not at this time accept refunds for used resources, but you may cancel your subscription at any time. If you have any concerns, questions, or feedback, please email info@vyopath.com
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Amazon SageMaker model
An Amazon SageMaker model package is a pre-trained machine learning model ready to use without additional training. Use the model package to create a model on Amazon SageMaker for real-time inference or batch processing. Amazon SageMaker is a fully managed platform for building, training, and deploying machine learning models at scale.
Deploy the model on Amazon SageMaker AI using the following options:
Version release notes
- All the features from the Threat Flow Detection v1.0
- Added a post-processing stage that uses a conversational approach to enhance the model performance
Additional details
Inputs
- Summary
The model accepts either application/json or text/csv.
The ML model was trained with all the Cisco Netflow V5 fields.
The fields must be in the following order: 'srcaddr', 'dstaddr', 'nexthop',input', 'output', 'dPkts','dOctets', 'first', 'last', 'srcport', 'dstport', 'tcp_flags', 'prot', 'tos', 'src_as', 'dst_as', 'src_mask', 'dst_mask'.
More information about the description and meaning of each field here .
- Limitations for input type
- Only allows IPv4 protocol.
https://github.com/vyopath/aws-sagemaker-flow-threat-detection/tree/main/data/input/real-time
https://github.com/vyopath/aws-sagemaker-flow-threat-detection/tree/main/data/input/batch
Input data descriptions
The following table describes supported input data fields for real-time inference and batch transform.
Field name | Description | Constraints | Required |
|---|---|---|---|
srcaddr | Source IP address | Type: FreeText
Limitations: IPv4 only | Yes |
dstaddr | Destination IP address | Type: FreeText
Limitations: IPv4 only | Yes |
nexthop | IP address of next hop router | Type: FreeText
Limitations: IPv4 only | Yes |
input | SNMP index of input interface | Type: Integer | Yes |
output | SNMP index of output interface
| Type: Integer | Yes |
dPkts | Packets in the flow
| Type: Integer | Yes |
dOctets | Total number of Layer 3 bytes in the packets of the flow
| Type: Integer | Yes |
first | SysUptime at start of flow
| Type: Integer | Yes |
last | SysUptime at the time the last packet of the flow was received
| Type: Integer | Yes |
srcport | TCP/UDP source port number or equivalent
| Type: Integer | Yes |
Resources
Vendor resources
Support
Vendor support
Email: info@vyopath.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
MDACA Data Flow (DF) provides a powerful enterprise-grade platform to collect, route, enrich, transform, and process data in a reliable and scalable manner. It automates the movement of data between disparate data sources and systems, making data ingestion fast, easy and secure. It provides real time and batch data ingestion and transfer between different sources and destination. DF provides real-time control to easily manage the movement of data between any source and any destination. The web-based user interface provides a seamless experience between design, control, feedback, and monitoring. It is extendable to support disparate and distributed data sources of differing formats, schemas, protocols, speeds and sizes such as machines, geolocation devices, click streams, files, social feeds, log files, videos and more. It supports the automation and movement of data, making data ingestion fast, easy and secure with nearly 300 out-of-the-box processors.
A preconfigured Apache NiFi AMI for building secure, scalable, and visual data flow pipelines on AWS.
Flow helps engineering leaders turn data into faster outcomes with fewer blockers. By connecting data across your entire DevOps stack - including Git, Jira, and collaboration tools - Flow surfaces insights that show where delivery slows down and how to fix it.
Aviatrix Cloud Network CoPilot provides a global view of your multicloud network. It helps IT teams maintain accurate topology maps, analyze network traffic flows, and troubleshoot anomalies. Aviatrix Cloud Network CoPilot offers operational features like packet capture, trace route, ping, and a metrics api. It leverages Aviatrix's advanced network and security services.
At Aviatrix, we simplify cloud networking so your business stays agile. Our cloud networking platform delivers the visibility, security, and control enterprises need to successfully manage and operate cloud networks at scale.
Built on the simplicity of Node-RED, FlowFuse adds the tools teams need to scale automation workflows with confidence. FlowFuse is an Industrial application platform that helps organizations build and manage powerful data-driven applications using Node-RED.
We make it easy to connect systems, automate processes, and build industrial or digital solutions - all while giving IT teams the control, security, and scalability they need. Whether you are an engineer, a developer, or a company scaling up operations, FlowFuse bridges the gap between innovation and reliability.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.