Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DYNIDS

Cited by: 1
Authors
Dias, Luis [1 ,2 ]
Valente, Simao [1 ,2 ]
Correia, Miguel [2 ]
Affiliations
[1] Inst Univ Mil, Acad Mil, CINAMIL, Lisbon, Portugal
[2] Univ Lisbon, Inst Super Tecn, INESC ID, Lisbon, Portugal
Source
2020 IEEE 19TH INTERNATIONAL SYMPOSIUM ON NETWORK COMPUTING AND APPLICATIONS (NCA) | 2020
Keywords
network intrusion detection; clustering; feature engineering; security analytics; ANOMALY DETECTION;
DOI
10.1109/nca51143.2020.9306732
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
The paper presents DYNIDS, a network intrusion detection approach that flags malicious activity without previous knowledge about attacks or training data. DYNIDS dynamically defines and extracts features from network data, and uses clustering algorithms to aggregate hosts with similar behavior. All previous clustering-based network intrusion detection approaches use a static set of features, restricting their ability to detect certain attacks. Instead, we use a set of features defined dynamically, at runtime, avoiding that restriction without falling into the curse of dimensionality, something that we believe is essential for the adoption of this kind of approaches. We evaluated DYNIDS experimentally with an evaluation and a real-world dataset, obtaining better F-Score than alternative solutions.
Pages: 10
Related papers
50 in total
  • [1] Flow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow Probes
    Bartos, Karel
    Grill, Martin
    Krmicek, Vojtech
    Rehak, Martin
    Celeda, Pavel
    CESNET CONFERENCE 2008-SECURITY, MIDDLEWARE, AND VIRTUALIZATION-GLUE OF FUTURE NETWORKS, 2008, : 49 - 56
  • [2] Network traffic clustering for intrusion detection
    Arina, Nikishova
    Irina, Ananina
    Evgeny, Ananin
    PROCEEDINGS OF THE IV INTERNATIONAL RESEARCH CONFERENCE INFORMATION TECHNOLOGIES IN SCIENCE, MANAGEMENT, SOCIAL SPHERE AND MEDICINE (ITSMSSM 2017), 2017, 72 : 252 - 256
  • [3] Clustering for Intrusion Detection: Network Scans as a Case of Study
    Sanchez, Raul
    Herrero, Alvaro
    Corchado, Emilio
    INTERNATIONAL JOINT CONFERENCE CISIS'12 - ICEUTE'12 - SOCO'12 SPECIAL SESSIONS, 2013, 189 : 33 - +
  • [4] Clustering and Neural Visualization for Flow-Based Intrusion Detection
    Sanchez, Raul
    Herrero, Alvaro
    Corchado, Emilio
    INTERNATIONAL JOINT CONFERENCE: CISIS'15 AND ICEUTE'15, 2015, 369 : 333 - 345
  • [5] CLUSTERING-BASED NETWORK INTRUSION DETECTION
    Zhong, Shi
    Khoshgoftaar, Taghi M.
    Seliya, Naeem
    INTERNATIONAL JOURNAL OF RELIABILITY QUALITY AND SAFETY ENGINEERING, 2007, 14 (02) : 169 - 187
  • [6] Research On Clustering Technique In Network Intrusion Detection
    Cui, Kuiyong
    2012 INTERNATIONAL CONFERENCE ON INDUSTRIAL CONTROL AND ELECTRONICS ENGINEERING (ICICEE), 2012, : 1203 - 1205
  • [7] Network Intrusion Detection by Variational Component-Based Feature Saliency Gaussian Mixture Clustering
    Hong, Xin
    Papazachos, Zafeirios
    del Rincon, Jesus Martinez
    Miller, Paul
    COMPUTER SECURITY. ESORICS 2023 INTERNATIONAL WORKSHOPS, CPS4CIP, PT II, 2024, 14399 : 761 - 772
  • [8] Clustering-Based Network Intrusion Detection System
    Fan, Chun-I
    Lai, Yen-Lin
    Shie, Cheng-Han
    2022 5TH IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTING (IEEE DSC 2022), 2022,
  • [9] Hyper clustering model for dynamic network intrusion detection
    Alfoudi, Ali Saeed
    Aziz, Mohammad R.
    Alyasseri, Zaid Abdi Alkareem
    Alsaeedi, Ali Hakem
    Nuiaa, Riyadh Rahef
    Mohammed, Mazin Abed
    Abdulkareem, Karrar Hameed
    Jaber, Mustafa Musa
    IET COMMUNICATIONS, 2022,
  • [10] Network Intrusion Detection Model With Clustering Ensemble Method
    Chen, Liang-Wei
    INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2015, 9 (11) : 239 - 250