Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DYNIDS

Cited by: 1
Authors
Dias, Luis [1 ,2 ]
Valente, Simao [1 ,2 ]
Correia, Miguel [2 ]
Affiliations
[1] Inst Univ Mil, Acad Mil, CINAMIL, Lisbon, Portugal
[2] Univ Lisbon, Inst Super Tecn, INESC ID, Lisbon, Portugal
Keywords
network intrusion detection; clustering; feature engineering; security analytics; ANOMALY DETECTION;
DOI
10.1109/nca51143.2020.9306732
CLC classification
TP [Automation technology, computer technology]
Discipline code
0812
Abstract
The paper presents DYNIDS, a network intrusion detection approach that flags malicious activity without prior knowledge about attacks or training data. DYNIDS dynamically defines and extracts features from network data, and uses clustering algorithms to aggregate hosts with similar behavior. All previous clustering-based network intrusion detection approaches use a static set of features, which restricts their ability to detect certain attacks. Instead, we use a set of features defined dynamically, at runtime, avoiding that restriction without falling into the curse of dimensionality, something that we believe is essential for the adoption of this kind of approach. We evaluated DYNIDS experimentally with an evaluation dataset and a real-world dataset, obtaining a better F-score than alternative solutions.
Pages: 10
Related papers
50 items in total
  • [1] Proto, A.; Alexandre, L. A.; Batista, M. L.; Oliveira, I. L.; Cansian, A. M. Statistical model applied to NetFlow for network intrusion detection. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6480 (Part 2), 2010, pp. 179-191.
  • [2] Bartos, Karel; Grill, Martin; Krmicek, Vojtech; Rehak, Martin; Celeda, Pavel. Flow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow Probes. CESNET Conference 2008 - Security, Middleware, and Virtualization - Glue of Future Networks, 2008, pp. 49-56.
  • [3] Siddiqui, Abdul Jabbar; Boukerche, Azzedine. Encoded Flow Features for Network Intrusion Detection in Internet of Things. 2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC 2020), 2020.
  • [4] Oldmeadow, J.; Ravinutala, S.; Leckie, C. Adaptive clustering for network intrusion detection. Advances in Knowledge Discovery and Data Mining, Proceedings, vol. 3056, 2004, pp. 255-259.
  • [5] Arina, Nikishova; Irina, Ananina; Evgeny, Ananin. Network traffic clustering for intrusion detection. Proceedings of the IV International Research Conference Information Technologies in Science, Management, Social Sphere and Medicine (ITSMSSM 2017), vol. 72, 2017, pp. 252-256.
  • [6] Campazas-Vega, Adrian; Samuel Crespo-Martinez, Ignacio; Manuel Guerrero-Higueras, Angel; Alvarez-Aparicio, Claudia; Matellan, Vicente. Analysis of NetFlow Features' Importance in Malicious Network Traffic Detection. 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational (CISIS 2021 and ICEUTE 2021), vol. 1400, 2022, pp. 52-61.
  • [7] Zhong, S.; Khoshgoftaar, T. M.; Nath, S. V. A clustering approach to wireless network intrusion detection. ICTAI 2005: 17th IEEE International Conference on Tools with Artificial Intelligence, Proceedings, 2005, pp. 190-196.
  • [8] Zhong, Shi; Khoshgoftaar, Taghi M.; Seliya, Naeem. Clustering-based network intrusion detection. International Journal of Reliability, Quality and Safety Engineering, vol. 14, no. 2, 2007, pp. 169-187.
  • [9] Cui, Kuiyong. Research on Clustering Technique in Network Intrusion Detection. 2012 International Conference on Industrial Control and Electronics Engineering (ICICEE), 2012, pp. 1203-1205.
  • [10] Tong, Hongyan; Zhu, Anmin; Guo, Yanmei. The Comparison of Clustering Algorithms for Network Intrusion Detection. International Conference on Electrical and Control Engineering (ICECE 2015), 2015, pp. 702-707.