Applying multivariate data analysis to identify key parameters of bi-directional attack flows

Abstract

Flow export data has been intensively used in anomaly-based intrusion detection systems; however, we have limited understanding of the characteristics of bi-directional flow parameters with respect to the types of network attacks. To recognize the relationship between traffic parameters, we propose an empirical model which analyzes synthetically generated five network attacks within a closed environment, and perform exploratory data analysis using principal component analysis. The experimental results have identified relevant key parameters for selecting good candidates for intrusion detection analysis. The analysis capabilities of bi-directional flow parameters and their characteristics persisting in selected attacks have been diagnosed and revealed.