Abstract
To secure a system, potential threats must be identified and therefore, attack features are understood and predicted. Present work aims at being one step towards the proposal of an Intrusion Detection System (IDS) that faces zero-day attacks. To do that, MObile VIsualisation Connectionist Agent-Based IDS (MOVICAB-IDS), previously proposed as a hybrid-intelligent visualization-based IDS, is being upgraded by adding clustering methods. To check the validity of the proposed clustering extension, it faces a realistic flow-based dataset in present paper. The analyzed data come from a honeypot directly connected to the Internet (thus ensuring attack-exposure) and is analyzed by clustering and neural tools, individually and in conjunction. Through the experimental stage, it is shown that the combination of clustering and neural projection improves the detection capability on a continuous network flow.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Quittek, J., Zseby, T., Claise, B., Zander, S.: Requirements for IP flow information export (IPFIX)
Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An overview of IP flow-based intrusion detection. IEEE Commun. Surv. Tutor. 12, 343–356 (2010)
Sperotto, A., Pras, A.: Flow-based intrusion detection. In: IFIP/IEEE International Symposium on Integrated Network Management (IM), 2011, pp. 958–963 (2011)
Corchado, E., Herrero, Á.: Neural visualization of network traffic data for intrusion detection. Appl. Soft Comput. 11, 2042–2056 (2011)
Yorn-Tov, E., Inbar, G.F.: Selection of relevant features for classification of movements from single movement-related potentials using a genetic algorithm. In: 23rd Annual International Conference of the IEEE Engineering in Medicine and Biology Society, 2001, vol. 2, pp. 1364–1366 (2001)
Sánchez, R., Herrero, Á., Corchado, E.: Clustering extension of MOVICAB-IDS to identify SNMP community searches. Logic J. IGPL 23, 121–140 (2015)
Sánchez, R., Herrero, Á., Corchado, E.: Visualization and clustering for SNMP intrusion detection. Cybern. Syst. Int. J. 44, 505–532 (2013)
Sperotto, A., Sadre, R., Vliet, F.v., Pras, A.: A Labeled Data Set For Flow-based Intrusion Detection, pp. 39–50. IP Operations and Management, Berlin (2009)
Zheng, Q.H., Xuan, Y.G., Hu, W.H.: An IDS alert aggregation method based on clustering. In: Zhang, H., Shen, G., Jin, D. (eds.): Advanced Research on Information Science, Automation and Material System, Pts 1-6, vol. 219–220, pp. 156–159. Trans Tech Publications Ltd, Stafa-Zurich (2011)
Qiao, L.B., Zhang, B.F., Lai, Z.Q., Su, J.S.: IEEE: Mining of Attack Models in IDS Alerts from Network Backbone by a Two-stage Clustering Method. In: 2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & Phd Forum, pp. 1263–1269. IEEE, New York (2012)
Jiang, S., Song, X., Wang, H., Han, J.-J., Li, Q.-H.: A clustering-based method for unsupervised intrusion detections. Pattern Recogn. Lett. 27, 802–810 (2006)
Cui, K.Y.: IEEE: Research on Clustering Technique in Network Intrusion Detection. IEEE Computer Society, Los Alamitos (2012)
Ge, L., Zhang, C.Q.: The application of clustering algorithm in intrusion detection system. In: Jin, D., Lin, S. (eds.) Advances in Future Computer and Control Systems, vol. 159, pp. 77–82. Springer, Berlin (2012)
Friedman, J.H., Tukey, J.W.: A projection pursuit algorithm for exploratory data-analysis. IEEE Trans. Comput. 23, 881–890 (1974)
Corchado, E., MacDonald, D., Fyfe, C.: Maximum and minimum likelihood hebbian learning for exploratory projection pursuit. Data Min. Knowl. Disc. 8, 203–225 (2004)
Corchado, E., Fyfe, C.: Connectionist techniques for the identification and suppression of interfering underlying factors. Int. J. Pattern Recognit. Artif.Intell. 17, 1447–1466 (2003)
Seung, H.S., Socci, N.D., Lee, D.: The rectified Gaussian distribution. Adv. Neural Inf. Process. Syst. 10, 350–356 (1998)
Jain, A.K., Murty, M.N, Flynn, P.J.: Data clustering: a review. ACM Comput. Surv. 31 (1999)
Xu, R., Wunsch, D.C.: Clustering. Wiley, New York (2009)
Andreopoulos, B., An, A., Wang, X., Schroeder, M.: A roadmap of clustering algorithms: finding a match for a biomedical application. Brief Bioinform 10, 297–314 (2009)
Zhuang, W.W., Ye, Y.F., Chen, Y., Li, T.: Ensemble clustering for Internet security applications. IEEE Trans. Syst. Man Cybern. Part C-Appl. Rev. 42, 1784–1796 (2012)
Pouget, F., Dacier, M.: Honeypot-based forensics. In: Proceedings of the AusCERT Asia Pacific Information Technology Security Conference 2004 (AusCERT2004), 23–27 May 2004, Brisbane, Australia (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Sánchez, R., Herrero, Á., Corchado, E. (2015). Clustering and Neural Visualization for Flow-Based Intrusion Detection. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-19713-5_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19712-8
Online ISBN: 978-3-319-19713-5
eBook Packages: EngineeringEngineering (R0)