M. Zolotukhin, T. Hämäläinen, T. Kokkonen, Jarmo Siltanen
2015 7th International Conference on New Technologies, Mobility and Security (NTMS). Published 2015-07-27. DOI: 10.1109/NTMS.2015.7266510 (https://doi.org/10.1109/NTMS.2015.7266510)
Online detection of anomalous network flows with soft clustering
In this study, we apply an anomaly-based approach to analyze traffic flows transferred over a network in order to detect the flows related to different types of attacks. Based on the information extracted from network flows, a model of normal user behavior is discovered with the help of several clustering techniques. This model is then used to detect anomalies within recent time intervals. Since this approach is based on normal user behavior, it can potentially detect zero-day intrusions. Moreover, such a flow-based intrusion detection approach can be used at high speeds since it is based on information in packet headers and, therefore, has to handle a considerably smaller amount of data. The proposed framework is tested on data obtained with the help of a realistic cyber environment (RGCE) that enables one to construct real attack vectors. The simulations show that the proposed method results in a higher accuracy rate when compared to other intrusion detection techniques.