Turkish Journal of Electrical Engineering and Computer Sciences
Graph-based intrusion detection approaches consider the network as a graph and detect anomalies based on graph metrics. However, most of these approaches succumb to the cluster-based behavior of the anomalies. To resolve this problem in our study, we use flow and graph-clustering concepts to create a data set first. A new criterion related to the average weight of clusters is then defined and a model is proposed to detect attacks based on the above-mentioned criterion. Finally, the model is evaluated using a DARPA data set. Results show that the proposed approach detects the attacks with high accuracy relative to methods described in previous studies.
Attack, DARPA data set, flow, graph clustering, intrusion detection
KARIMPOUR, JABER; LOTFI, SHAHRIAR; and SIAHMARZKOOH, ALIAKBAR TAJARI, "Intrusion detection in network flows based on an optimized clustering criterion," Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 25: No. 3, Article 28.
Available at: https://journals.tubitak.gov.tr/elektrik/vol25/iss3/28
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons