
Clustering and Neural Visualization for Flow-Based Intrusion Detection

  • Conference paper
  • International Joint Conference (CISIS 2015)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 369)


Abstract

To secure a system, potential threats must be identified, which in turn requires that attack features be understood and predicted. The present work is one step towards an Intrusion Detection System (IDS) able to face zero-day attacks. To that end, the MObile VIsualisation Connectionist Agent-Based IDS (MOVICAB-IDS), previously proposed as a hybrid-intelligent, visualization-based IDS, is being upgraded with clustering methods. To check the validity of the proposed clustering extension, this paper tests it against a realistic flow-based dataset. The analyzed data come from a honeypot directly connected to the Internet (which ensures exposure to attacks) and are analyzed with clustering and neural tools, both individually and in combination. The experimental stage shows that combining clustering with neural projection improves detection capability on a continuous network flow.
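The abstract describes clustering flow records (NetFlow/IPFIX-style summaries rather than packet payloads) as a first stage of unsupervised intrusion detection, but gives no algorithm details. The following Python is an added illustration for this page, not code from MOVICAB-IDS or from the paper: it builds per-flow features from the packet, byte and duration counters, clusters them with a plain k-means, and then inspects the low-volume cluster for sources that fan out across many destination ports. The feature set, the choice of k-means, the fan-out threshold and every flow record are constructed assumptions; the neural projection stage of the paper is not reproduced here.

```python
"""Unsupervised triage of flow records: cluster, then inspect the low-volume cluster.

Added example, not code from MOVICAB-IDS or the paper. The feature set,
the k-means algorithm and the per-source fan-out rule are assumptions
chosen for illustration; the paper does not specify them.
"""
import math
from collections import defaultdict, namedtuple

# A flow record in the spirit of NetFlow/IPFIX: the 5-tuple plus counters.
Flow = namedtuple("Flow", "src dst dport proto packets bytes duration_ms")

# Constructed sample flows (not captured data): ordinary client sessions,
# one DNS lookup, and one external host probing eight ports on a single
# target with single-packet flows.
FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", 443, 6, 24, 18400, 2100),
    Flow("192.0.2.10", "198.51.100.5", 443, 6, 31, 25600, 3400),
    Flow("192.0.2.11", "198.51.100.8", 80, 6, 12, 5200, 900),
    Flow("192.0.2.12", "198.51.100.9", 443, 6, 45, 61000, 5200),
    Flow("192.0.2.13", "198.51.100.5", 443, 6, 18, 9800, 1500),
    Flow("192.0.2.15", "198.51.100.8", 80, 6, 27, 21000, 2600),
    Flow("192.0.2.16", "198.51.100.9", 443, 6, 15, 7600, 1200),
    Flow("192.0.2.14", "198.51.100.20", 53, 17, 2, 180, 40),
] + [
    Flow("203.0.113.7", "192.0.2.20", port, 6, 1, 44 if port % 2 else 48, 0)
    for port in (21, 22, 23, 25, 80, 110, 143, 443)
]


def features(flows):
    """Per-flow feature vector; log1p compresses the heavy-tailed counters."""
    return [[math.log1p(f.packets), math.log1p(f.bytes), math.log1p(f.duration_ms)]
            for f in flows]


def zscore(rows):
    """Standardise each column so no single counter dominates the distance."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return [[(x - m) / s for x, m, s in zip(r, means, stds)] for r in rows]


def _dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k, iterations=100):
    """Plain k-means with deterministic farthest-point initialisation."""
    centroids = [list(points[0])]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(_dist2(p, c) for c in centroids))
        centroids.append(list(far))
    labels = None
    for _ in range(iterations):
        new = [min(range(k), key=lambda j: _dist2(p, centroids[j])) for p in points]
        if new == labels:
            break
        labels = new
        for j in range(k):
            members = [p for p, l in zip(points, labels) if l == j]
            if members:
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return labels, centroids


def low_volume_cluster(flows, labels):
    """Index of the cluster whose flows carry the fewest packets on average."""
    totals, counts = defaultdict(int), defaultdict(int)
    for f, l in zip(flows, labels):
        totals[l] += f.packets
        counts[l] += 1
    return min(counts, key=lambda l: totals[l] / counts[l])


def scan_like_sources(flows, labels, cluster, min_ports=5):
    """Sources that fan out to many destination ports inside one cluster.

    Clustering groups tiny flows together, but a single DNS lookup and a
    port probe look alike per flow; the per-source fan-out separates them.
    """
    ports = defaultdict(set)
    for f, l in zip(flows, labels):
        if l == cluster:
            ports[f.src].add(f.dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def analyse(flows=FLOWS, k=2, min_ports=5):
    labels, _ = kmeans(zscore(features(flows)), k)
    cluster = low_volume_cluster(flows, labels)
    return {
        "labels": labels,
        "low_volume_cluster": cluster,
        "scan_like": scan_like_sources(flows, labels, cluster, min_ports),
    }


if __name__ == "__main__":
    for src, ports in analyse()["scan_like"].items():
        print(f"{src}: {len(ports)} distinct ports in low-volume cluster {ports}")
```

The point a practitioner should take from the two-stage layout is that a cluster label on its own is not a verdict: the constructed DNS flow lands in the same low-volume cluster as the probe flows, and only the per-source aggregation over destination ports tells the scanner apart from the resolver client. On real honeypot data the counters are far noisier, so k and the fan-out threshold would need tuning against labelled traffic before any alerting.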




Corresponding author: Álvaro Herrero.


Copyright information

© 2015 Springer International Publishing Switzerland


Cite this paper

Sánchez, R., Herrero, Á., Corchado, E. (2015). Clustering and Neural Visualization for Flow-Based Intrusion Detection. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_29


  • DOI: https://doi.org/10.1007/978-3-319-19713-5_29


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19712-8

  • Online ISBN: 978-3-319-19713-5

