This document presents a traffic-analysis technique for detecting attempted intrusions and information attacks. A traffic classifier aggregates packets into clusters by means of an adapted genetic algorithm. In a network whose traffic is homogeneous over time, the clusters do not vary in number or characteristics; in the event of attacks or the introduction of new applications, the clusters change in both number and characteristics. The data set processed for the tests is extracted from the DARPA traffic provided by MIT Lincoln Labs and commonly used to test the effectiveness and efficiency of Intrusion Detection systems. The target events of the trials are Denial of Service and Reconnaissance. The experimental evidence shows that, even with unrefined input data, the algorithm is able to classify malicious events with fair accuracy. © 2009 Springer-Verlag Berlin Heidelberg.
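As an added illustration of the detection principle stated in the abstract (not the paper's genetic-algorithm classifier or its data), the following Python clusters constructed packet records with a simple sequential leader algorithm and flags a window whose clusters differ from a homogeneous baseline in number (a new cluster) or in characteristics (packet volume, destination-port spread). The feature scaling, thresholds, the `leader_cluster`/`detect` helpers and all traffic windows are assumptions of this example.

```python
import math
def features(pkt):
    # Constructed feature scaling for this illustration, not the paper's feature set.
    return (pkt["dst_port"] / 128.0, pkt["bytes"] / 1000.0,
            2.0 if pkt["proto"] == "tcp" else 0.0)

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def leader_cluster(packets, leaders=(), threshold=1.5):
    """Sequential leader clustering: a packet joins the first cluster whose leader
    is within threshold, else founds a new one; seeding keeps cluster ids stable."""
    clusters = [{"leader": l, "members": []} for l in leaders]
    for pkt in packets:
        vec = features(pkt)
        for c in clusters:
            if distance(vec, c["leader"]) <= threshold:
                c["members"].append(pkt)
                break
        else:
            clusters.append({"leader": vec, "members": [pkt]})
    return clusters

def detect(baseline, window, threshold=1.5, growth=5.0, port_spread=16):
    """Flag a window whose clusters differ from the baseline in number (new
    clusters) or in characteristics (packet volume, destination-port spread)."""
    base = leader_cluster(baseline, threshold=threshold)
    cur = leader_cluster(window, [c["leader"] for c in base], threshold)
    alerts = []
    for i, c in enumerate(cur):
        n, ports = len(c["members"]), len({p["dst_port"] for p in c["members"]})
        if i >= len(base):
            alerts.append(f"new cluster {i}: {n} packets on {ports} port(s)")
        elif n > growth * len(base[i]["members"]):
            alerts.append(f"cluster {i} grew {len(base[i]['members'])} -> {n} packets")
        if ports >= port_spread:
            alerts.append(f"cluster {i} spans {ports} destination ports")
    return alerts

def mk(proto, port, nbytes, count):  # constructed packet records
    return [{"proto": proto, "dst_port": port, "bytes": nbytes}] * count

# Constructed windows: homogeneous baseline (web + DNS), quiet, SYN flood, port sweep, new app on TCP/443.
BASELINE = mk("tcp", 80, 600, 10) + mk("tcp", 80, 1200, 10) + mk("udp", 53, 80, 10)
QUIET = mk("tcp", 80, 900, 12) + mk("udp", 53, 64, 9)
SYN_FLOOD = QUIET + mk("tcp", 80, 40, 500)
PORT_SCAN = QUIET + [{"proto": "tcp", "dst_port": p, "bytes": 40} for p in range(1, 65)]
NEW_APP = QUIET + mk("tcp", 443, 1000, 15)

if __name__ == "__main__":
    for name, w in [("quiet", QUIET), ("syn flood", SYN_FLOOD), ("port scan", PORT_SCAN), ("new app", NEW_APP)]:
        print(f"{name:10s}", detect(BASELINE, w) or ["clusters unchanged"])
```

The quiet window reproduces the baseline's two clusters and raises nothing; the flood and the sweep change a cluster's characteristics, while the new application appears as an extra cluster.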
Lieto, G., Orsini, F., & Pagano, G. (2009). Cluster analysis for anomaly detection. In Advances in Soft Computing (Vol. 53, pp. 163–169). https://doi.org/10.1007/978-3-540-88181-0_21