Detecting Network Intrusion through Anomalous Packet Identification

Tanjim Munir Dipon, Md. Shohrab Hossain, Husnu S. Narman
Published in: 2020 30th International Telecommunication Networks and Applications Conference (ITNAC), 2020-11-25
DOI: https://doi.org/10.1109/ITNAC50341.2020.9315029
Citations: 1

Abstract

Rule-based intrusion detection depends on an attack signature database that has to be constantly updated, which requires time and effort. Anomaly-based intrusion detection through unsupervised methods does not require comparison with attack signatures. However, detecting anomalous behaviour is a complex task. In this paper, we propose an unsupervised approach for identifying anomalous network traffic that combines dimensionality reduction with sub-space clustering. Our approach takes the attribute values from network traffic as input, performs principal component analysis on them, and then applies density-based clustering on each possible three-dimensional sub-space to rank the outliers. Results show that our proposed approach detects a wide range of anomalous network sessions, which included instances of intrusive sessions too. The evaluation of this approach showed significant accuracy and faster detection with a zero false negative rate, implying that no instance of the listed attacks went undetected.