Abstract

In this study, we apply an anomaly-based approach to analyze traffic flows transferred over a network and to detect the flows related to different types of attacks. Based on the information extracted from network flows, a model of normal user behavior is discovered with the help of several clustering techniques. This model is then used to detect anomalies within recent time intervals. Since this approach is based on normal user behavior, it can potentially detect zero-day intrusions. Moreover, such a flow-based intrusion detection approach can be used at high speeds since it is based on information in packet headers and therefore has to handle a considerably smaller amount of data. The proposed framework is tested on data obtained with the help of a realistic cyber environment (RGCE) that enables one to construct real attack vectors. The simulations show that the proposed method results in a higher accuracy rate when compared to other intrusion detection techniques.
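The workflow the abstract describes (cluster normal flows, then score the flows of recent time intervals against that model) can be sketched as follows. This is an added example, not the paper's code: the choice of k-means, the three header-derived features, the 1.5 slack factor and all sample flows are assumptions constructed for illustration.

```python
import math

def features(flow):
    # Header-derived features only (assumed set): duration, packets, bytes, log-scaled.
    dur, pkts, byts = flow
    return (math.log1p(dur), math.log1p(pkts), math.log1p(byts))

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=20):
    # Deterministic farthest-first initialisation, then Lloyd iterations.
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda i: dist(p, cents[i]))].append(p)
        cents = [tuple(sum(col) / len(g) for col in zip(*g)) if g else c
                 for g, c in zip(groups, cents)]
    return cents

def fit_normal_model(normal_flows, k=2, slack=1.5):
    pts = [features(f) for f in normal_flows]
    cents = kmeans(pts, k)
    # Threshold: largest training distance to the nearest centroid, times slack.
    radius = max(min(dist(p, c) for c in cents) for p in pts)
    return cents, radius * slack

def detect(model, interval_flows):
    # A flow is anomalous if it lies outside every cluster of normal behavior.
    cents, thr = model
    return [f for f in interval_flows
            if min(dist(features(f), c) for c in cents) > thr]

# Constructed sample flows: (duration_s, packets, bytes). Short and bulk transfers.
NORMAL = [(0.2, 6, 900), (0.3, 8, 1200), (0.25, 7, 1000), (0.4, 9, 1500),
          (30.0, 400, 500000), (28.0, 380, 470000), (35.0, 450, 560000)]
# Constructed recent intervals; the second holds a probe-like and a flood-like flow.
RECENT = {
    "10:00": [(0.3, 7, 1100), (32.0, 410, 510000)],
    "10:05": [(0.35, 8, 1300), (0.001, 1, 40), (600.0, 90000, 3600000)],
}

if __name__ == "__main__":
    model = fit_normal_model(NORMAL)
    for label, flows in RECENT.items():
        print(label, detect(model, flows))
```

Because the model is fitted only on normal traffic, the two flagged flows are detected without any attack signature, which is the property the abstract relies on for zero-day detection.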
