Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DYNIDS

Cited by: 1
Authors
Dias, Luis [1, 2]
Valente, Simao [1, 2]
Correia, Miguel [2]
Affiliations
[1] Inst Univ Mil, Acad Mil, CINAMIL, Lisbon, Portugal
[2] Univ Lisbon, Inst Super Tecn, INESC ID, Lisbon, Portugal
Keywords
network intrusion detection; clustering; feature engineering; security analytics; ANOMALY DETECTION;
DOI
10.1109/nca51143.2020.9306732
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The paper presents DYNIDS, a network intrusion detection approach that flags malicious activity without previous knowledge about attacks or training data. DYNIDS dynamically defines and extracts features from network data, and uses clustering algorithms to aggregate hosts with similar behavior. All previous clustering-based network intrusion detection approaches use a static set of features, restricting their ability to detect certain attacks. Instead, we use a set of features defined dynamically, at runtime, avoiding that restriction without falling into the curse of dimensionality, something that we believe is essential for the adoption of this kind of approaches. We evaluated DYNIDS experimentally with an evaluation and a real-world dataset, obtaining better F-Score than alternative solutions.
Pages: 10