Turkish Journal of Electrical Engineering and Computer Sciences
DOI
10.3906/elk-1601-105
Abstract
Graph-based intrusion detection approaches consider the network as a graph and detect anomalies based on graph metrics. However, most of these approaches succumb to the cluster-based behavior of the anomalies. To resolve this problem in our study, we use flow and graph-clustering concepts to create a data set first. A new criterion related to the average weight of clusters is then defined and a model is proposed to detect attacks based on the above-mentioned criterion. Finally, the model is evaluated using a DARPA data set. Results show that the proposed approach detects the attacks with high accuracy relative to methods described in previous studies.
Keywords
Attack, DARPA data set, flow, graph clustering, intrusion detection
First Page
1963
Last Page
1975
Recommended Citation
KARIMPOUR, JABER; LOTFI, SHAHRIAR; and SIAHMARZKOOH, ALIAKBAR TAJARI (2017) "Intrusion detection in network flows based on an optimized clustering criterion," Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 25: No. 3, Article 28. https://doi.org/10.3906/elk-1601-105
Available at:
https://journals.tubitak.gov.tr/elektrik/vol25/iss3/28
Included in
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons