Abstract
The necessary spread of the access points to network services makes them vulnerable to many potential and different types of attackers: script kiddies, hackers, and misfeasors. Although the network services produce a great quantity of data logged by hosts, it is impossible for a security officer, and generally for a network administrator, to monitor daily generated traffic in order to control attacks. Currently a LAN is defended with a mixture of solutions adopted at different levels. Commercial firewalls typically use descriptive statistics to give the security officer information about the quantitative characteristics of the TCP/IP traffic as a whole. In this work, we generate information on the “profile” of connections by means of clustering techniques. This approach makes the security officer able to detect connections that are far away from the mass. We use different clustering techniques in order to study their response for this type of problem. Results on real traffic data are reported and commented.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: WIT Transactions on Information and Communication Technologies
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
