Please use this identifier to cite or link to this item: http://hdl.handle.net/10259/7266
Title
Clustering extension of MOVICAB-IDS to distinguish intrusions in flow-based data
Published in
Logic Journal of the IGPL. 2017, V. 25, n. 1, p. 83-102
Publisher
Oxford University Press
Publication date
2017-02
ISSN
1367-0751
DOI
10.1093/jigpal/jzw047
Abstract
Much effort has been devoted to research on intrusion detection (ID) in recent years because intrusion strategies and technologies are constantly and quickly evolving. As an innovative solution based on visualization, MObile VIsualisation Connectionist Agent-Based IDS was previously proposed, conceived as a hybrid-intelligent ID System. It was designed to analyse continuous network data at a packet level and is extended in the present paper for the analysis of flow-based traffic data. By incorporating clustering techniques into the original proposal, network flows are investigated in order to identify different types of attacks. The analysed real-life data (the well-known dataset from the University of Twente) come from a honeypot directly connected to the Internet (thus ensuring attack exposure) and are analysed by means of clustering and neural techniques, individually and in conjunction. Promising results are obtained, proving the validity of the proposed extension for the analysis of network flow data.
Keywords
Network intrusion detection
Network flow
Neural projection
Clustering
MOVICAB-IDS
Subject
Computer science