Go With the Flow: Clustering Dynamically-Defined NetFlow Features for Network Intrusion Detection with DYNIDS

Cited by: 1
Authors
Dias, Luis [1 ,2 ]
Valente, Simao [1 ,2 ]
Correia, Miguel [2 ]
Affiliations
[1] Inst Univ Mil, Acad Mil, CINAMIL, Lisbon, Portugal
[2] Univ Lisbon, Inst Super Tecn, INESC ID, Lisbon, Portugal
Source
2020 IEEE 19TH INTERNATIONAL SYMPOSIUM ON NETWORK COMPUTING AND APPLICATIONS (NCA) | 2020
Keywords
network intrusion detection; clustering; feature engineering; security analytics; ANOMALY DETECTION;
DOI
10.1109/nca51143.2020.9306732
Chinese Library Classification
TP [Automation technology, computer technology];
Subject classification code
0812 ;
Abstract
The paper presents DYNIDS, a network intrusion detection approach that flags malicious activity without previous knowledge about attacks or training data. DYNIDS dynamically defines and extracts features from network data, and uses clustering algorithms to aggregate hosts with similar behavior. All previous clustering-based network intrusion detection approaches use a static set of features, restricting their ability to detect certain attacks. Instead, we use a set of features defined dynamically, at runtime, avoiding that restriction without falling into the curse of dimensionality, something that we believe is essential for the adoption of this kind of approach. We evaluated DYNIDS experimentally with an evaluation dataset and a real-world dataset, obtaining a better F-score than alternative solutions.
Pages: 10