Skip to main content
Springer Nature Link
Log in

Clustering for Intrusion Detection: Network Scans as a Case of Study

  • Conference paper
International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 189))

  • 1916 Accesses

Abstract

MOVICAB-IDS has been previously proposed as a hybrid intelligent Intrusion Detection System (IDS). This on-going research aims to be one step towards adding automatic response to this visualization-based IDS by means of clustering techniques. As a sample case of study for the proposed clustering extension, it has been applied to the identification of different network scans. The aim is checking whether clustering and projection techniques could be compatible and consequently applied to a continuous network flow for intrusion detection. A comprehensive experimental study has been carried out on previously generated real-life data sets. Empirical results suggest that projection and clustering techniques could work in unison to enhance MOVICAB-IDS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Computer Security Threat Monitoring and Surveillance. Technical Report. James P. Anderson Co. (1980)

    Google Scholar 

  2. Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering 13, 222–232 (1987)

    Article  Google Scholar 

  3. Chih-Fong, T., Yu-Feng, H., Chia-Ying, L., Wei-Yang, L.: Intrusion Detection by Machine Learning: A Review. Expert Systems with Applications 36, 11994–12000 (2009)

    Article  Google Scholar 

  4. Herrero, Á., Corchado, E.: Mining Network Traffic Data for Attacks through MOVICAB-IDS. In: Abraham, A., Hassanien, A.-E., de Carvalho, A.P. (eds.) Foundations of Computational Intelligence Volume 4. SCI, vol. 204, pp. 377–394. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  5. Corchado, E., Herrero, Á.: Neural Visualization of Network Traffic Data for Intrusion Detection. Applied Soft Computing 11, 2042–2056 (2011)

    Article  Google Scholar 

  6. Abdullah, K., Lee, C., Conti, G., Copeland, J.A.: Visualizing Network Data for Intrusion Detection. In: Sixth Annual IEEE Information Assurance Workshop - Systems, Man and Cybernetics, pp. 100–108 (2005)

    Google Scholar 

  7. Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. International Journal of Pattern Recognition and Artificial Intelligence 17, 1447–1466 (2003)

    Article  Google Scholar 

  8. Friedman, J.H., Tukey, J.W.: A Projection Pursuit Algorithm for Exploratory Data-Analysis. IEEE Transactions on Computers 23, 881–890 (1974)

    Article  MATH  Google Scholar 

  9. Corchado, E., Corchado, J.M., Sáiz, L., Lara, A.M.: Constructing a Global and Integral Model of Business Management Using a CBR System. In: Luo, Y. (ed.) CDVE 2004. LNCS, vol. 3190, pp. 141–147. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  10. Fyfe, C., Corchado, E.: Maximum Likelihood Hebbian Rules. In: 10th European Symposium on Artificial Neural Networks (ESANN 2002), pp. 143–148 (2002)

    Google Scholar 

  11. Corchado, E., Han, Y., Fyfe, C.: Structuring Global Responses of Local Filters Using Lateral Connections. Journal of Experimental & Theoretical Artificial Intelligence 15, 473–487 (2003)

    Article  MATH  Google Scholar 

  12. Seung, H.S., Socci, N.D., Lee, D.: The Rectified Gaussian Distribution. In: Advances in Neural Information Processing Systems, vol. 10, pp. 350–356 (1998)

    Google Scholar 

  13. Jain, A.K., Murthy, M.N., Flynn, P.J.: Data Clustering: A Review. ACM Computing Surveys 31 (1999)

    Google Scholar 

  14. Anderberg, M.R.: Cluster Analysis for Applications. Academic Press, Inc., New York (1973)

    MATH  Google Scholar 

  15. Jain, A.K., Dubles, R.C.: Algorithms for Clustering Data. Prentice-Hall Advanced Reference Series. Prentice-Hall, Inc., Upper Saddle River (1988)

    MATH  Google Scholar 

  16. Diday, E., Simon, J.C.: Clustering Analysis. In: Fu, K.S. (ed.) Digital Pattern Recognition, pp. 47–94. Springer, Secaucus (1976)

    Chapter  Google Scholar 

  17. Michalski, R., Stepp, R.E., Diday, E.: Automated construction of classifications: conceptual clustering versus numerical taxonomy. IEEE Trans. Pattern Anal. Mach. Intell. PAMI-5(5), 396–409 (1983)

    Article  Google Scholar 

  18. Mao, J., Jones, A.K.: A self-organizing network for hyperellipsoidal clustering (HEC). IEEE Trans. Neural Netw. 7, 16–29 (1996)

    Article  Google Scholar 

  19. McQueen, J.: Some methods for classification and analysis of multivariate observacions. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, pp. 281–297 (1967)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Civil Engineering, University of Burgos, Spain, C/ Francisco de Vitoria s/n, 09006, Burgos, Spain

    Raúl Sánchez & Álvaro Herrero

  2. Departamento de Informática y Automática, Universidad de Salamanca, Plaza de la Merced, s/n, 37008, Salamanca, Spain

    Emilio Corchado

Authors
  1. Raúl Sánchez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Álvaro Herrero
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Emilio Corchado
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Raúl Sánchez .

Editor information

Editors and Affiliations

  1. , Department of Civil Engineering, University of Burgos, Campus Vena (Edif.C), C/ Francisco de Vitoria, s/n, Burgos, 09006, Spain

    Álvaro Herrero

  2. VŠB-TU Ostrava, 17. listopadu 15, Ostrava, 70833, Czech Republic

    Václav Snášel

  3. MIR Labs, Scientific Network for Innovation, Machine Intelligence Research Labs, Auburn, 98071, USA

    Ajith Abraham

  4. VŠB-TU Ostrava, 17. listopadu 15, Ostrava, 70833, Czech Republic

    Ivan Zelinka

  5. , Department of Civil Engineering, University of Burgos, Campus Vena (Edif.C), C/ Francisco de Vitoria, s/n, Burgos, 09006, Spain

    Bruno Baruque

  6. Universidad de Salamanca, Plaza de la Merced S/N, Salamanca, 37008, Spain

    Héctor Quintián

  7. University of Coruña, Avda. 19 de febrero, s/n, Coruña, 15405 A, Spain

    José Luis Calvo

  8. y León, Pol. Ind. Villalonquéjar, Instituto Tecnológico de Castilla, Lopez Bravo 70, Burgos, 09001, Spain

    Javier Sedano

  9. Universidad de Salamanca, Plaza de la Merced S/N, Salamanca, 37008, Spain

    Emilio Corchado

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sánchez, R., Herrero, Á., Corchado, E. (2013). Clustering for Intrusion Detection: Network Scans as a Case of Study. In: Herrero, Á., et al. International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions. Advances in Intelligent Systems and Computing, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33018-6_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33018-6_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33017-9

  • Online ISBN: 978-3-642-33018-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics