RT info:eu-repo/semantics/article T1 Clustering extension of MOVICAB-IDS to distinguish intrusions in flow-based data A1 Sánchez, Raúl A1 Herrero Cosío, Álvaro A1 Corchado, Emilio K1 Network intrusion detection K1 Network flow K1 Neural projection K1 Clustering K1 MOVICAB-IDS K1 Informática K1 Computer science AB Much effort has been devoted to research on intrusion detection (ID) in recent years because intrusion strategies and technologies are constantly and quickly evolving. As an innovative solution based on visualization, MObile VIsualisation Connectionist Agent-Based IDS was previously proposed, conceived as a hybrid-intelligent ID System. It was designed to analysecontinuous network data at a packet level and is extended in present paper for the analysis of flow-based traffic data. Byincorporating clustering techniques to the original proposal, network flows are investigated trying to identify different typesof attacks. The analysed real-life data (the well-known dataset from the University of Twente) come from a honeypot directlyconnected to the Internet (thus ensuring attack-exposure) and is analysed by means of clustering and neural techniques, individually and in conjunction. Promising results are obtained, proving the validity of the proposed extension for the analysisof network flow data PB Oxford University Press SN 1367-0751 YR 2017 FD 2017-02 LK http://hdl.handle.net/10259/7266 UL http://hdl.handle.net/10259/7266 LA eng DS Repositorio Institucional de la Universidad de Burgos RD 23-nov-2024