Malicious Traffic Detection Using K-means

Network attacks such as DDoS (Distributed Denial of Service) and worms are among the biggest problems in modern society. These attacks reduce the quality of internet service and cause cyber crime. To solve this problem, network vendors have developed signature-based IDS (Intrusion Detection Systems). A signature-based IDS achieves a high detection rate by using a database of previous attack signatures or known malicious traffic patterns. However, signature-based IDS have a fatal weakness: new types of attacks cannot be detected, because the signatures depend on previous attack signatures. In this paper, we propose a k-means clustering based malicious traffic detection method to complement signature-based IDS. To demonstrate the efficiency of the proposed method, we apply Bayes' theorem.
