Clustering and neural visualization for flow-based intrusion detection

Abstract

To secure a system, potential threats must be identified and therefore, attack features are understood and predicted. Present work aims at being one step towards the proposal of an Intrusion Detection System (IDS) that faces zero-day attacks. To do that, MObile VIsualisation Connectionist Agent-Based IDS (MOVICAB-IDS), previously proposed as a hybrid-intelligent visualization-based IDS, is being upgraded by adding clustering methods. To check the validity of the proposed clustering extension, it faces a realistic flow-based dataset in present paper. The analyzed data come from a honeypot directly connected to the Internet (thus ensuring attack-exposure) and is analyzed by clustering and neural tools, individually and in conjunction. Through the experimental stage, it is shown that the combination of clustering and neural projection improves the detection capability on a continuous network flow.