Much effort has been devoted to research on intrusion detection (ID) in recent years because intrusion strategies and technologies are constantly and quickly evolving. As an innovative solution based on visualization, MObile VIsualisation Connectionist Agent-Based IDS was previously proposed, conceived as a hybrid-intelligent ID System. It was designed to analyse
continuous network data at a packet level and is extended in present paper for the analysis of flow-based traffic data. By
incorporating clustering techniques to the original proposal, network flows are investigated trying to identify different types
of attacks. The analysed real-life data (the well-known dataset from the University of Twente) come from a honeypot directly
connected to the Internet (thus ensuring attack-exposure) and is analysed by means of clustering and neural techniques, individually and in conjunction. Promising results are obtained, proving the validity of the proposed extension for the analysis
of network flow data
