Clustering for Intrusion Detection: Network Scans as a Case of Study

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 189)

Abstract

MOVICAB-IDS has been previously proposed as a hybrid intelligent Intrusion Detection System (IDS). This on-going research aims to be one step towards adding automatic response to this visualization-based IDS by means of clustering techniques. As a sample case of study for the proposed clustering extension, it has been applied to the identification of different network scans. The aim is checking whether clustering and projection techniques could be compatible and consequently applied to a continuous network flow for intrusion detection. A comprehensive experimental study has been carried out on previously generated real-life data sets. Empirical results suggest that projection and clustering techniques could work in unison to enhance MOVICAB-IDS.

Keywords

Network Intrusion Detection Computational Intelligence Exploratory Projection Pursuit Clustering Automatic Response 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Computer Security Threat Monitoring and Surveillance. Technical Report. James P. Anderson Co. (1980)Google Scholar
  2. 2.
    Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering 13, 222–232 (1987)CrossRefGoogle Scholar
  3. 3.
    Chih-Fong, T., Yu-Feng, H., Chia-Ying, L., Wei-Yang, L.: Intrusion Detection by Machine Learning: A Review. Expert Systems with Applications 36, 11994–12000 (2009)CrossRefGoogle Scholar
  4. 4.
    Herrero, Á., Corchado, E.: Mining Network Traffic Data for Attacks through MOVICAB-IDS. In: Abraham, A., Hassanien, A.-E., de Carvalho, A.P. (eds.) Foundations of Computational Intelligence Volume 4. SCI, vol. 204, pp. 377–394. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Corchado, E., Herrero, Á.: Neural Visualization of Network Traffic Data for Intrusion Detection. Applied Soft Computing 11, 2042–2056 (2011)CrossRefGoogle Scholar
  6. 6.
    Abdullah, K., Lee, C., Conti, G., Copeland, J.A.: Visualizing Network Data for Intrusion Detection. In: Sixth Annual IEEE Information Assurance Workshop - Systems, Man and Cybernetics, pp. 100–108 (2005)Google Scholar
  7. 7.
    Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. International Journal of Pattern Recognition and Artificial Intelligence 17, 1447–1466 (2003)CrossRefGoogle Scholar
  8. 8.
    Friedman, J.H., Tukey, J.W.: A Projection Pursuit Algorithm for Exploratory Data-Analysis. IEEE Transactions on Computers 23, 881–890 (1974)MATHCrossRefGoogle Scholar
  9. 9.
    Corchado, E., Corchado, J.M., Sáiz, L., Lara, A.M.: Constructing a Global and Integral Model of Business Management Using a CBR System. In: Luo, Y. (ed.) CDVE 2004. LNCS, vol. 3190, pp. 141–147. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Fyfe, C., Corchado, E.: Maximum Likelihood Hebbian Rules. In: 10th European Symposium on Artificial Neural Networks (ESANN 2002), pp. 143–148 (2002)Google Scholar
  11. 11.
    Corchado, E., Han, Y., Fyfe, C.: Structuring Global Responses of Local Filters Using Lateral Connections. Journal of Experimental & Theoretical Artificial Intelligence 15, 473–487 (2003)MATHCrossRefGoogle Scholar
  12. 12.
    Seung, H.S., Socci, N.D., Lee, D.: The Rectified Gaussian Distribution. In: Advances in Neural Information Processing Systems, vol. 10, pp. 350–356 (1998)Google Scholar
  13. 13.
    Jain, A.K., Murthy, M.N., Flynn, P.J.: Data Clustering: A Review. ACM Computing Surveys 31 (1999)Google Scholar
  14. 14.
    Anderberg, M.R.: Cluster Analysis for Applications. Academic Press, Inc., New York (1973)MATHGoogle Scholar
  15. 15.
    Jain, A.K., Dubles, R.C.: Algorithms for Clustering Data. Prentice-Hall Advanced Reference Series. Prentice-Hall, Inc., Upper Saddle River (1988)MATHGoogle Scholar
  16. 16.
    Diday, E., Simon, J.C.: Clustering Analysis. In: Fu, K.S. (ed.) Digital Pattern Recognition, pp. 47–94. Springer, Secaucus (1976)CrossRefGoogle Scholar
  17. 17.
    Michalski, R., Stepp, R.E., Diday, E.: Automated construction of classifications: conceptual clustering versus numerical taxonomy. IEEE Trans. Pattern Anal. Mach. Intell. PAMI-5(5), 396–409 (1983)CrossRefGoogle Scholar
  18. 18.
    Mao, J., Jones, A.K.: A self-organizing network for hyperellipsoidal clustering (HEC). IEEE Trans. Neural Netw. 7, 16–29 (1996)CrossRefGoogle Scholar
  19. 19.
    McQueen, J.: Some methods for classification and analysis of multivariate observacions. In: Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, pp. 281–297 (1967)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Raúl Sánchez
    • 1
  • Álvaro Herrero
    • 1
  • Emilio Corchado
    • 2
  1. 1.Department of Civil EngineeringUniversity of Burgos, SpainBurgosSpain
  2. 2.Departamento de Informática y AutomáticaUniversidad de SalamancaSalamancaSpain

Personalised recommendations