- Turkish Journal of Electrical Engineering and Computer Science
- Vol: 25 Issue: 3
Intrusion detection in network flows based on an optimized clustering criterion
Authors : Jaber Karimpour, Shahriar Lotfi, Aliakbar Tajari Siahmarzkooh
Pages : 1963-1975
Publication Date : 9999-12-31
Article Type : Articles
Abstract : Graph-based intrusion detection approaches consider the network as a graph and detect anomalies based on graph metrics. However, most of these approaches succumb to the cluster-based behavior of the anomalies. To resolve this problem in our study, we use flow and graph-clustering concepts to create a data set first. A new criterion related to the average weight of clusters is then defined and a model is proposed to detect attacks based on the above-mentioned criterion. Finally, the model is evaluated using a DARPA data set. Results show that the proposed approach detects the attacks with high accuracy relative to methods described in previous studies.
Keywords : Attack, DARPA data set, flow, graph clustering, intrusion detection