Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DYNIDS

Cited by: 1
Authors
Dias, Luis [1, 2]
Valente, Simao [1, 2]
Correia, Miguel [2]
Affiliations
[1] Inst Univ Mil, Acad Mil, CINAMIL, Lisbon, Portugal
[2] Univ Lisbon, Inst Super Tecn, INESC ID, Lisbon, Portugal
Keywords
network intrusion detection; clustering; feature engineering; security analytics; ANOMALY DETECTION;
DOI
10.1109/nca51143.2020.9306732
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
The paper presents DYNIDS, a network intrusion detection approach that flags malicious activity without previous knowledge about attacks or training data. DYNIDS dynamically defines and extracts features from network data, and uses clustering algorithms to aggregate hosts with similar behavior. All previous clustering-based network intrusion detection approaches use a static set of features, restricting their ability to detect certain attacks. Instead, we use a set of features defined dynamically, at runtime, avoiding that restriction without falling into the curse of dimensionality, something that we believe is essential for the adoption of this kind of approaches. We evaluated DYNIDS experimentally with an evaluation and a real-world dataset, obtaining better F-Score than alternative solutions.
Pages: 10
Related papers
50 in total
  • [21] Intrusion Detection Using Clustering of Network Traffic Flows
    Bailey, Matthew
    Collins, Connor
    Sinda, Matthew
    Hu, Gongzhu
    2017 18TH IEEE/ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCE, NETWORKING AND PARALLEL/DISTRIBUTED COMPUTING (SNDP 2017), 2017, : 615 - 620
  • [22] Feedback based Sampling for Intrusion Detection in Software Defined Network
    Shi, Jiangyong
    Zeng, Yingzhi
    Wang, Wenhao
    Yang, Yuexiang
    ICCSP 2018: PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON CRYPTOGRAPHY, SECURITY AND PRIVACY, 2018, : 95 - 99
  • [23] Intrusion Detection System based on Software Defined Network Firewall
    Sayeed, Mohd Abuzar
    Sayeed, Mohd Asim
    Saxena, Sharad
    2015 1ST INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2015, : 379 - 382
  • [24] Rule based Intrusion Detection System by Using Statistical Flow Analysis Technique for Software Defined Network
    Ejaz, Mahnoor
    Sohail, Osama
    Naqash, Talha
    ul Abideen, Zain
    Shah, Sajjad Hussain
    ICAROB 2019: PROCEEDINGS OF THE 2019 INTERNATIONAL CONFERENCE ON ARTIFICIAL LIFE AND ROBOTICS, 2019, : 687 - 692
  • [25] Alarm Analysis on Intrusion Detection of Network Flow
    Liu Yanshu
    Cao Yujun
    Lei Jiping
    INTELLIGENCE COMPUTATION AND EVOLUTIONARY COMPUTATION, 2013, 180 : 849 - 853
  • [26] NETWORK INTRUSION DETECTION USING FLOW STATISTICS
    Atli, Buse Gul
    Miche, Yoan
    Jung, Alexander
    2018 IEEE STATISTICAL SIGNAL PROCESSING WORKSHOP (SSP), 2018, : 70 - 74
  • [27] Combining Cisco NetFlow exports with relational database technology for usage statistics, intrusion detection, and network forensics
    Navarro, JP
    Nickless, B
    Winkler, L
    USENIX ASSOCIATION PROCEEDINGS OF THE FOURTEENTH SYSTEMS ADMINISTRATION CONFERENCE (LISA XIV), 2000, : 285 - 290
  • [28] Application of Support Vector Clustering algorithm to network intrusion detection
    Xu, BG
    Zhang, A
    PROCEEDINGS OF THE 2005 INTERNATIONAL CONFERENCE ON NEURAL NETWORKS AND BRAIN, VOLS 1-3, 2005, : 1036 - 1040
  • [29] An artificial immune clustering approach to unsupervised network intrusion detection
    Wang Sifei
    Xu Jiayi
    PROCEEDINGS OF THE FIRST INTERNATIONAL SYMPOSIUM ON DATA, PRIVACY, AND E-COMMERCE, 2007, : 511 - 513
  • [30] Intrusion Detection based on ART and Artificial Immune Network Clustering
    Liu, F
    Bai, L
    Jiao, LC
    ADVANCES IN NATURAL COMPUTATION, PT 2, PROCEEDINGS, 2005, 3611 : 780 - 783