
Turkish Journal of Electrical Engineering and Computer Sciences

Abstract

Graph-based intrusion detection approaches consider the network as a graph and detect anomalies based on graph metrics. However, most of these approaches succumb to the cluster-based behavior of the anomalies. To resolve this problem in our study, we use flow and graph-clustering concepts to create a data set first. A new criterion related to the average weight of clusters is then defined and a model is proposed to detect attacks based on the above-mentioned criterion. Finally, the model is evaluated using a DARPA data set. Results show that the proposed approach detects the attacks with high accuracy relative to methods described in previous studies.

DOI

10.3906/elk-1601-105

Keywords

Attack, DARPA data set, flow, graph clustering, intrusion detection

First Page

1963

Last Page

1975
