Mining Network Traffic with the k-Means Clustering Algorithm for Stepping-Stone Intrusion Detection

2021, Vol 2021, pp. 1-9
Author(s): Lixin Wang, Jianhua Yang, Xiaohua Xu, Peng-Jun Wan

Intruders on the Internet usually launch network attacks through compromised hosts, called stepping stones, in order to reduce the chance of being detected. With stepping-stone intrusions, an attacker uses tools such as SSH to log in to several compromised hosts remotely, creates an interactive connection chain, and then sends attacking packets to a target system. An effective method to detect such an intrusion is to estimate the length of a connection chain. In this paper, we develop an efficient algorithm to detect stepping-stone intrusion by mining network traffic using k-means clustering. Existing approaches for connection-chain-based stepping-stone intrusion detection either are not effective or require a large number of TCP packets to be captured and processed and, thus, are not efficient. Our proposed detection algorithm can accurately determine the length of a connection chain without requiring a large number of TCP packets to be captured and processed, so it is more efficient. It is also easier to implement than all existing approaches for stepping-stone intrusion detection. The effectiveness, correctness, and efficiency of the proposed detection algorithm are verified through well-designed network experiments.

2021, Vol 2021, pp. 1-8
Author(s): Lixin Wang, Jianhua Yang, Michael Workman, Peng-Jun Wan

Hackers on the Internet usually send attacking packets using compromised hosts, called stepping-stones, in order to avoid being detected and caught. With stepping-stone attacks, an intruder remotely logs in to these stepping-stones using programs like SSH or telnet, uses a chain of Internet hosts as relay machines, and then sends the attacking packets. A great number of detection approaches for stepping-stone intrusion (SSI) have been developed in the literature. Many of these existing detection methods work effectively only when session manipulation by intruders is not present. When the session is manipulated by attackers, few effective detection methods for SSI are known. It is important to know whether a detection algorithm for SSI is resistant to session manipulation by attackers. For session manipulation with chaff perturbation, software tools such as Scapy can be used to inject meaningless packets into a data stream. However, to the best of our knowledge, there are no existing effective tools or efficient algorithms to produce time-jittered network traffic that can be used to test whether an SSI detection method is resistant to intruders' time-jittering manipulation. In this paper, we propose a framework to test the resistance of SSI detection algorithms to time-jittering manipulation. Our proposed framework can be used to test whether an existing or new SSI detection method is resistant to session manipulation by intruders with time-jittering.


Author(s): Jianxing Zhu, Lina Huo, Mohd Dilshad Ansari, Mohammad Asif Ikbal

Background: The development of the Internet of Things has prominently expanded the perception of human beings, but the ensuing security issues have attracted people's attention, particularly from the perspective of the relatively weak sensor network in the Internet of Things. Method: Aiming at the diversity and heterogeneity of the data collected in sensor networks, the data set is clustered and analyzed in terms of network delay and data flow to extract data characteristics. Then, according to the characteristics of different types of network attacks, a hybrid detection method for network attacks is established, and an efficient data intrusion detection algorithm based on K-means clustering is proposed. Results: This paper proposes a network node control method based on traffic constraints to improve the security level of the network. Simulation experiments show that, compared with traditional password-based intrusion detection methods, the proposed method has a higher detection level and is suitable for data security protection in the Internet of Things. Conclusions: This paper proposes an efficient intrusion detection method for Internet of Things applications.


2021, Vol 22 (2)
Author(s): Jianxing Zhu, Lina Huo, Mohd Dilshad Ansari, Mohammad Asif Ikbal

The development of the Internet of Things has prominently expanded the perception of human beings, but the ensuing security issues have attracted people's attention, particularly from the perspective of the relatively weak sensor network in the Internet of Things. Aiming at the diversity and heterogeneity of the data collected in sensor networks, the proposed method clusters and analyzes the data set in terms of network delay and data flow to extract data characteristics. Then, according to the characteristics of different types of network attacks, a hybrid detection method for network attacks is established, and an efficient data intrusion detection algorithm based on K-means clustering is proposed. This paper proposes a network node control method based on traffic constraints to improve the security level of the network. Simulation experiments show that, compared with traditional password-based intrusion detection methods, the proposed method has a higher detection level and is suitable for data security protection in the Internet of Things. This paper proposes an efficient intrusion detection method for Internet of Things applications.


Author(s): Wentie Wu, Shengchao Xu

In view of the fact that existing intrusion detection systems (IDS) based on clustering algorithms cannot adapt to the large-scale growth of system logs, a K-medoids clustering intrusion detection algorithm based on differential evolution, suitable for cloud computing environments, is proposed. First, the differential evolution algorithm is combined with the K-medoids clustering algorithm in order to use the powerful global search capability of differential evolution to improve the convergence efficiency of large-scale data sample clustering. Second, in order to further improve the optimization ability of clustering, a dynamic Gemini population scheme is adopted to improve the differential evolution algorithm, thereby maintaining the diversity of the population while alleviating the problem of being easily trapped in a local optimum. Finally, for the intrusion detection processing of big data, the optimized clustering algorithm is designed in parallel under the Hadoop MapReduce framework. Simulation experiments were performed in the open-source cloud computing framework Hadoop cluster environment. Experimental results show that the overall detection effect of the proposed algorithm is significantly better than that of existing intrusion detection algorithms.


Entropy, 2021, Vol 23 (6), pp. 776
Author(s): Marcin Niemiec, Rafał Kościej, Bartłomiej Gdowski

The Internet is an inseparable part of our contemporary lives. This means that protection against threats and attacks is crucial for major companies and for individual users. There is a demand for the ongoing development of methods for ensuring security in cyberspace. A crucial cybersecurity solution is intrusion detection systems, which detect attacks in network environments and respond appropriately. This article presents a new multivariable heuristic intrusion detection algorithm based on different types of flags and values of entropy. The data is shared by organisations to help increase the effectiveness of intrusion detection. The authors also propose default values for the parameters of the heuristic algorithm and values for the detection thresholds. This solution has been implemented in a well-known, open-source system and verified with a series of tests. Additionally, the authors investigated how updating the variables affects the intrusion detection process. The results confirmed the effectiveness of the proposed approach and heuristic algorithm.


Author(s): S. A. Sakulin, A. N. Alfimtsev, K. N. Kvitchenko, L. Ya. Dobkach, Yu. A. Kalgin

Network technologies have been steadily developing and their application has been expanding. One aspect of this development is the modification of current network attacks and the appearance of new ones. The anomalies that can be detected in network traffic correspond to such attacks. The development of new approaches and the improvement of current ones for detecting anomalies in network traffic have become an urgent task. The article suggests a hybrid approach to detecting anomalies on the basis of a combined signature approach and computationally efficient machine learning classifiers: logistic regression, stochastic gradient descent and decision tree, with accuracy increased by weighted voting. The choice of classifiers is explained by the admissible complexity of the algorithms, which allows network traffic events to be detected in close to real time. Signature analysis is carried out with the help of the Zeek IDS (Intrusion Detection System) signature base. Training is performed on the CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System) dataset, prepared in advance by excluding extra records and parameters, using cross-validation. The set is divided into ten roughly equal parts, which allows the accuracy to be increased. Experimental evaluation of the developed approach, compared with individual classifiers and with other approaches by such criteria as the proportion of type I and type II errors, accuracy and detection level, has shown the approach to be suitable for application in network attack detection systems. The developed approach can be introduced into both existing and new anomaly detection systems.


2019, Vol 2 (2), pp. 25-43
Author(s): Subhi A. Mohammed

Network attacks are classified according to their objective into three types: Denial of Service (DoS), reconnaissance and unauthorized access. A signature-based Intrusion Detection System (IDS) raises an alarm when the monitored network traffic meets a previously specified set of criteria for attack traffic. This paper focuses on designing, composing, and processing IDS rules, and then deciding whether a packet is intrusive or not by examining the signatures of the attacks in both the headers and the payload of packets entering the network. A packet sniffer performs capturing, decoding and reassembling of the network packet traffic, then passes it to the programmed rules. Linux BackTrack tools were used to implement an IDS scenario for two types of attacks (reconnaissance and unauthorized access). The results show that IDS rules are able to detect large numbers of various attacks.


Author(s): Alexander Ivanov, Alexander Kutischev, Elena Nikitina, ...

This paper demonstrated the use of neural networks in the development of network intrusion detection systems, described the structure of the developed software application for network traffic analysis and network attacks detection, and presented the software application results.


2019, Vol 4 (2)
Author(s): Bodunde O Akinyemi, Johnson B Adekunle, Temitope A Aladesanmi, Adesola G Aderounmu, Beman H Kamagate

The volume of cyber-attacks targeting network resources within cyberspace is steadily increasing and evolving. Network intrusions compromise the confidentiality, integrity or availability of network resources, causing reputational damage and consequential financial loss. One of the key cyber-defense tools against these attacks is the Intrusion Detection System. Existing anomaly-based intrusion detection models often misclassify normal network traffic as attacks while minority attacks go undetected due to an extreme imbalance in network traffic data. This leads to a high false positive rate and a low detection rate. This study focused on improving detection accuracy by addressing the class imbalance problem that is often associated with network traffic datasets. Live network traffic packets were collected within the test case environment with Wireshark during normal network activities, a Syncflood attack, a slowhttppost attack and exploitation of known vulnerabilities on a targeted machine. Fifty-two features, including forty-two features similar to those of the Knowledge Discovery in Database (KDD '99) intrusion detection dataset, were extracted from the packet metadata using the Spleen tool. The features were normalized with the min-max normalization algorithm, and the Information Gain algorithm was used to select the best discriminatory features from the feature space. An anomaly-based intrusion detection model was formulated as a cascade of the k-means clustering algorithm and a random-forest classifier. The proposed model was simulated and its performance was evaluated using detection accuracy, sensitivity, and specificity as metrics. The result of the evaluation showed 10% higher detection accuracy, 29% higher sensitivity, and 0.2% higher specificity than the existing model. Keywords: anomalous, cyber-attack, detection, intrusion

