RT info:eu-repo/semantics/article
T1 Clustering extension of MOVICAB-IDS to distinguish intrusions in flow-based data
A1 Sánchez, Raúl
A1 Herrero Cosío, Álvaro
A1 Corchado, Emilio
K1 Network intrusion detection
K1 Network flow
K1 Neural projection
K1 Clustering
K1 MOVICAB-IDS
K1 Informática
K1 Computer science
AB Much effort has been devoted to research on intrusion detection (ID) in recent years because intrusion strategies and technologies are constantly and quickly evolving. As an innovative solution based on visualization, MObile VIsualisation Connectionist Agent-Based IDS was previously proposed, conceived as a hybrid-intelligent ID System. It was designed to analysecontinuous network data at a packet level and is extended in present paper for the analysis of flow-based traffic data. Byincorporating clustering techniques to the original proposal, network flows are investigated trying to identify different typesof attacks. The analysed real-life data (the well-known dataset from the University of Twente) come from a honeypot directlyconnected to the Internet (thus ensuring attack-exposure) and is analysed by means of clustering and neural techniques, individually and in conjunction. Promising results are obtained, proving the validity of the proposed extension for the analysisof network flow data
PB Oxford University Press
SN 1367-0751
YR 2017
FD 2017-02
LK http://hdl.handle.net/10259/7266
UL http://hdl.handle.net/10259/7266
LA eng
DS Repositorio Institucional de la Universidad de Burgos
RD 26-abr-2024