Network Attack Detection Based on Peer-to-Peer Clustering of SNMP Data

  • Walter Cerroni
  • Gabriele Monti
  • Gianluca Moro
  • Marco Ramilli
Conference paper

DOI: 10.1007/978-3-642-10625-5_26

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 22)
Cite this paper as:
Cerroni W., Monti G., Moro G., Ramilli M. (2009) Network Attack Detection Based on Peer-to-Peer Clustering of SNMP Data. In: Bartolini N., Nikoletseas S., Sinha P., Cardellini V., Mahanti A. (eds) Quality of Service in Heterogeneous Networks. QShine 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 22. Springer, Berlin, Heidelberg

Abstract

Network intrusion detection is a key security issue that can be tackled by means of different approaches. This paper describes a novel methodology for network attack detection based on the use of data mining techniques to process traffic information collected by a monitoring station from a set of hosts using the Simple Network Management Protocol (SNMP). The proposed approach, adopting unsupervised clustering techniques, makes it possible to effectively distinguish normal traffic behavior from malicious network activity and to determine with very good accuracy what kind of attack is being perpetrated. Several monitoring stations are then interconnected through any peer-to-peer network in order to share the knowledge base acquired with the proposed methodology, thus increasing the detection capabilities. An experimental test-bed has been implemented, which reproduces the case of a real web server under several attack techniques. Results of the experiments show the effectiveness of the proposed solution, with no detection failures of true attacks and very low false-positive rates (i.e. false alarms).

Keywords

Network security; distributed intrusion detection; SNMP; data mining; data clustering; peer-to-peer

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2009

Authors and Affiliations

  • Walter Cerroni (1)
  • Gabriele Monti (1)
  • Gianluca Moro (1)
  • Marco Ramilli (1)
  1. DEIS, University of Bologna, Cesena (FC), Italy
