Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DYNIDS

被引：3

作者：

Dias, Luis ^{[1
,2
]}

Valente, Simao ^{[1
,2
]}

Correia, Miguel ^{[2
]}

机构：

[1] Inst Univ Mil, Acad Mil, CINAMIL, Lisbon, Portugal

[2] Univ Lisbon, Inst Super Tecn, INESC ID, Lisbon, Portugal

来源：

2020 IEEE 19TH INTERNATIONAL SYMPOSIUM ON NETWORK COMPUTING AND APPLICATIONS (NCA) | 2020年

关键词：

network intrusion detection; clustering; feature engineering; security analytics; ANOMALY DETECTION;

D O I：

10.1109/nca51143.2020.9306732

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The paper presents DYNIDS, a network intrusion detection approach that flags malicious activity without previous knowledge about attacks or training data. DYNIDS dynamically defines and extracts features from network data, and uses clustering algorithms to aggregate hosts with similar behavior. All previous clustering-based network intrusion detection approaches use a static set of features, restricting their ability to detect certain attacks. Instead, we use a set of features defined dynamically, at runtime, avoiding that restriction without falling into the curse of dimensionality, something that we believe is essential for the adoption of this kind of approaches. We evaluated DYNIDS experimentally with an evaluation and a real-world dataset, obtaining better F-Score than alternative solutions.

引用

页数：10

共 50 条

[1] Rigid geometry solves "curse of dimensionality" effects in clustering methods: An application to omics data [J].

Adachi, Shun .

PLOS ONE, 2017, 12 (06)

[2]

Ankerst M, 1999, SIGMOD RECORD, VOL 28, NO 2 - JUNE 1999, P49

[3]

[Anonymous], 1961, Adaptive Control Processes: a Guided Tour, DOI DOI 10.1515/9781400874668

[4]

[Anonymous], 2008, BOTMINER CLUSTERING

[5]

[Anonymous], 2015, Ann Data Sci, DOI DOI 10.1007/S40745-015-0040-1

[6]

[Anonymous], 2009, ELEMENTS STAT LEARNI, DOI 10.1007/978-0-387-84858-7

[7]

[Anonymous], Internet Assigned Names Authority

[8]

Beeferman D., 2000, Proceedings. KDD-2000. Sixth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, P407, DOI 10.1145/347090.347176

[9]

Bhuyan M.H., 2011, Proceedings of the International Conference on Communication, Computing Security, P531

[10] A multi-step outlier-based anomaly detection approach to network-wide traffic [J].

Bhuyan, Monowar H. ;

Bhattacharyya, D. K. ;

Kalita, J. K. .

INFORMATION SCIENCES, 2016, 348 :243-271

← 1 2 3 4 5 →