Abstract
This paper presents a traffic-analysis technique for detecting attempted intrusions and information attacks. A traffic classifier aggregates packets into clusters by means of an adapted genetic algorithm. In a network whose traffic is homogeneous over time, the clusters do not vary in number or characteristics; when attacks occur or new applications are introduced, the clusters change in both number and characteristics. The data sets used for the tests are extracted from the DARPA traffic provided by MIT Lincoln Labs, which is commonly used to evaluate the effectiveness and efficiency of Intrusion Detection systems. The target events of the trials are Denial of Service and Reconnaissance. The experimental evidence shows that, even with unrefined input data, the algorithm is able to classify malicious events with fair accuracy.
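The detection principle described in the abstract (a stable set of clusters under normal traffic, new or shifted clusters when an attack or a new application appears) can be illustrated with a small example. The code below is an added illustration, not the authors' implementation: it uses a deterministic one-pass "leader" clustering as a stand-in for the paper's adapted genetic algorithm, and the flow records are constructed here with arbitrary values (packets per second, bytes per packet, distinct destination ports), not drawn from the DARPA data set. The feature scaling, the radius and the feature choice are all assumptions made for this example.

```python
import math
import random

random.seed(7)  # deterministic jitter so the run is reproducible

# Each flow record is (packets_per_second, bytes_per_packet, distinct_dst_ports).
# Values are constructed for this example; they are not DARPA traffic.
def make_flows(n, pps, bpp, ports, jitter=0.02):
    """Generate n flows around a nominal profile with small random jitter."""
    return [
        (pps * (1 + random.uniform(-jitter, jitter)),
         bpp * (1 + random.uniform(-jitter, jitter)),
         ports)
        for _ in range(n)
    ]

# Baseline window: two benign behaviours (web-like and DNS-like flows).
BASELINE = make_flows(40, 5, 800, 1) + make_flows(30, 2, 80, 1)

# Later window: same baseline plus a flood-like burst (many small packets to one
# port) and a scan-like pattern (moderate rate, many distinct destination ports).
ATTACK_WINDOW = BASELINE + make_flows(25, 500, 60, 1) + make_flows(10, 50, 60, 200)

# Assumed reference scales so that the three features are comparable.
SCALE = (100.0, 1000.0, 100.0)
RADIUS = 0.3  # assumed cluster radius in normalised feature space


def normalize(flow):
    return tuple(v / s for v, s in zip(flow, SCALE))


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def leader_cluster(flows, radius=RADIUS):
    """One-pass leader clustering: join the nearest cluster within `radius`,
    otherwise start a new one. Centroids are running means of their members."""
    clusters = []  # each entry: {"centroid": tuple, "count": int}
    for flow in flows:
        x = normalize(flow)
        best, best_d = None, radius
        for c in clusters:
            d = distance(x, c["centroid"])
            if d < best_d:
                best, best_d = c, d
        if best is None:
            clusters.append({"centroid": x, "count": 1})
        else:
            n = best["count"]
            best["centroid"] = tuple((ci * n + xi) / (n + 1)
                                     for ci, xi in zip(best["centroid"], x))
            best["count"] = n + 1
    return clusters


def new_clusters(baseline_clusters, current_clusters, radius=RADIUS):
    """Clusters of the current window with no counterpart in the baseline:
    these are the candidates for an alert (attack or newly introduced application)."""
    return [c for c in current_clusters
            if all(distance(c["centroid"], b["centroid"]) >= radius
                   for b in baseline_clusters)]


if __name__ == "__main__":
    base = leader_cluster(BASELINE)
    cur = leader_cluster(ATTACK_WINDOW)
    print(f"baseline clusters: {len(base)}, current clusters: {len(cur)}")
    for c in new_clusters(base, cur):
        print("unexpected cluster: centroid=%s members=%d"
              % (tuple(round(v, 3) for v in c["centroid"]), c["count"]))
```

On this constructed input the baseline window yields two clusters (web-like and DNS-like) and the later window yields four; the two clusters without a baseline counterpart are the flood-like and scan-like groups, which is the change in "number and characteristics" that the paper uses as its alarm condition. A real deployment would re-learn the baseline periodically and tune the radius to the feature scales of the monitored network; a new legitimate application will trigger the same signal and has to be triaged rather than treated as an attack.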
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Lieto, G., Orsini, F., Pagano, G. (2009). Cluster Analysis for Anomaly Detection. In: Corchado, E., Zunino, R., Gastaldo, P., Herrero, Á. (eds) Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08. Advances in Soft Computing, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88181-0_21
DOI: https://doi.org/10.1007/978-3-540-88181-0_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88180-3
Online ISBN: 978-3-540-88181-0