Cluster analysis for anomaly detection

Abstract

This document presents a traffic analysis technique for detecting attempted intrusions and information attacks. A traffic classifier aggregates packets into clusters by means of an adapted genetic algorithm. In a network whose traffic is homogeneous over time, the clusters do not vary in number or characteristics. In the event of attacks or the introduction of new applications, the clusters change in number and characteristics. The data set processed for the tests is extracted from the DARPA traffic provided by MIT Lincoln Labs, which is commonly used to test the effectiveness and efficiency of intrusion detection systems. The target events of the trials are Denial of Service and Reconnaissance. The experimental evidence shows that, even with unrefined input data, the algorithm is able to classify malicious events with fair accuracy. © 2009 Springer-Verlag Berlin Heidelberg.

Cite

Lieto, G., Orsini, F., & Pagano, G. (2009). Cluster analysis for anomaly detection. In Advances in Soft Computing (Vol. 53, pp. 163–169). https://doi.org/10.1007/978-3-540-88181-0_21
