
Multi-way Association Clustering Analysis on Adaptive Real-Time Multicast Data

  • Conference paper
Networked Digital Technologies (NDT 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 136)


Abstract

Classifying real-time multicast data by payload-based analysis is becoming increasingly difficult given the many applications a network supports. In this paper, our goal is to identify recurrent patterns in, and classify, transport-layer data as an effective measure for anomaly-based intrusion detection. These patterns are identified using association rule techniques such as Apriori, together with clustering algorithms. A simulation experiment was configured to verify the efficacy of the algorithms. We were able to find an association between flow parameters for network traffic in the simulated data. This paper contributes a possible approach to analyzing behavior patterns for building a network traffic intrusion detection system and firewall at the transport layer, using unsupervised association rule mining and clustering techniques.




© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Naz, S., Asghar, S., Fong, S., Qayyum, A. (2011). Multi-way Association Clustering Analysis on Adaptive Real-Time Multicast Data. In: Fong, S. (eds) Networked Digital Technologies. NDT 2011. Communications in Computer and Information Science, vol 136. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22185-9_33


  • DOI: https://doi.org/10.1007/978-3-642-22185-9_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22184-2

  • Online ISBN: 978-3-642-22185-9

  • eBook Packages: Computer Science, Computer Science (R0)
