{"id":29714,"date":"2025-10-30T11:07:22","date_gmt":"2025-10-30T10:07:22","guid":{"rendered":"https:\/\/tinextadefence.it\/?p=29714"},"modified":"2025-10-30T11:07:22","modified_gmt":"2025-10-30T10:07:22","slug":"netflowmeter-analysis-of-the-cicids2017-dataset-and-intrusion-detection-via-ml","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/netflowmeter-analysis-of-the-cicids2017-dataset-and-intrusion-detection-via-ml\/","title":{"rendered":"NetFlowMeter: analysis of the CICIDS2017 dataset and intrusion detection using ML"},"content":{"rendered":"<p>The evolution of cyber threats has highlighted the limitations of traditional signature-based methods for traffic analysis and intrusion detection, pushing towards the adoption of Machine Learning-based approaches.<\/p>\n<p>This is the background to the new study\u00a0<b>AI4Cyber<\/b>dedicated to the analysis of two variants of the dataset\u00a0<b>CICIDS2017<\/b>which is widely recognised as a benchmark in the scientific literature. The former is based on CSV files derived from a revised version of the original dataset, while the latter requires the generation of network flows from raw PCAP files using\u00a0<b>NetFlowMeter<\/b>our tool developed to overcome the criticalities of\u00a0<b>CICFlowMeter<\/b>.<\/p>\n<p>The research consisted of two phases: an exploratory phase, conducted with decision trees, which revealed particularly discriminating features, and a second phase devoted to semi-supervised anomaly detection, using an autoencoder trained on normal traffic.<\/p>\n<p>The analysis revealed some critical issues related to false positives, which may reduce the effectiveness of detection systems. Therefore, to mitigate this risk we propose the use of more advanced models, ensemble learning techniques and an integration with rule-based filtering mechanisms. We also reiterate the importance of a rigorous approach in the validation of datasets and third-party tools.<\/p>\n<p>If you wish to learn more, here is the link to our\u00a0<b><\/b><strong><a class=\"\" href=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Report_NetFlowMeter.pdf\" target=\"_blank\" rel=\"noopener\">comprehensive study<\/a><\/strong><b><\/b>.<\/p>\n<p><span data-contrast=\"none\">In addition, you can subscribe to the specific mailing list <\/span><b><span data-contrast=\"none\">Cyber Studios by Tinexta Defence<\/span><\/b><span data-contrast=\"none\">, to receive updates on upcoming research:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/tinextadefence.it\/en\/cyber-studios-mailing-list\/\"><span data-contrast=\"none\">https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>The evolution of cyber threats has highlighted the limitations of traditional signature-based methods for traffic analysis and intrusion detection, pushing towards the adoption of Machine Learning-based approaches. This is the context for the new AI4Cyber study, dedicated to the analysis of two variants of the CICIDS2017 dataset, widely recognised as a benchmark in the scientific literature. The [...]<\/p>","protected":false},"author":7,"featured_media":29712,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[],"class_list":["post-29714","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/netflowmeter-analysis-of-the-cicids2017-dataset-and-intrusion-detection-via-ml\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"L\u2019evoluzione delle minacce informatiche ha evidenziato i limiti dei metodi tradizionali basati su firme per l\u2019analisi del traffico e il rilevamento delle intrusioni, spingendo verso l\u2019adozione di approcci basati su Machine Learning. In questo contesto si inserisce il nuovo studio\u00a0AI4Cyber, dedicato all\u2019analisi di due varianti del dataset\u00a0CICIDS2017, ampiamente riconosciuto come benchmark nella letteratura scientifica. La [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/netflowmeter-analysis-of-the-cicids2017-dataset-and-intrusion-detection-via-ml\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-30T10:07:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Federica Casadei\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Federica Casadei\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/\"},\"author\":{\"name\":\"Federica Casadei\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\"},\"headline\":\"NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML\",\"datePublished\":\"2025-10-30T10:07:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/\"},\"wordCount\":250,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg\",\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/\",\"url\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/\",\"name\":\"NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML - Tinexta Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg\",\"datePublished\":\"2025-10-30T10:07:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg\",\"width\":1800,\"height\":960},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, protect now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\",\"name\":\"Federica Casadei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"caption\":\"Federica Casadei\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NetFlowMeter: CICIDS2017 dataset analysis and ML intrusion detection - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/netflowmeter-analysis-of-the-cicids2017-dataset-and-intrusion-detection-via-ml\/","og_locale":"en_GB","og_type":"article","og_title":"NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML - Tinexta Defence","og_description":"L\u2019evoluzione delle minacce informatiche ha evidenziato i limiti dei metodi tradizionali basati su firme per l\u2019analisi del traffico e il rilevamento delle intrusioni, spingendo verso l\u2019adozione di approcci basati su Machine Learning. In questo contesto si inserisce il nuovo studio\u00a0AI4Cyber, dedicato all\u2019analisi di due varianti del dataset\u00a0CICIDS2017, ampiamente riconosciuto come benchmark nella letteratura scientifica. La [&hellip;]","og_url":"https:\/\/tinextadefence.it\/en\/netflowmeter-analysis-of-the-cicids2017-dataset-and-intrusion-detection-via-ml\/","og_site_name":"Tinexta Defence","article_published_time":"2025-10-30T10:07:22+00:00","og_image":[{"width":1800,"height":960,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg","type":"image\/jpeg"}],"author":"Federica Casadei","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Federica Casadei","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/"},"author":{"name":"Federica Casadei","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d"},"headline":"NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML","datePublished":"2025-10-30T10:07:22+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/"},"wordCount":250,"commentCount":0,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg","articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/","url":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/","name":"NetFlowMeter: CICIDS2017 dataset analysis and ML intrusion detection - Tinexta Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg","datePublished":"2025-10-30T10:07:22+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/10\/Business_evidenza-4.jpg","width":1800,"height":960},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/netflowmeter-analisi-del-dataset-cicids2017-e-rilevamento-delle-intrusioni-tramite-ml\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"NetFlowMeter: analisi del dataset CICIDS2017 e rilevamento delle intrusioni tramite ML"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d","name":"Federica Casadei","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","caption":"Federica Casadei"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/29714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=29714"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/29714\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/29712"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=29714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=29714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=29714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}