Malicious Traffic Detection Using K-means
Shin, Dong Hyuk; An, Kwang Kue; Choi, Sung Chune; Choi, Hyoung-Kee;
Network attacks such as DDoS (Distributed Denial of Service) and worms are among the biggest problems facing modern society. They degrade the quality of Internet service and enable cyber crime. To address this problem, network vendors have developed signature-based IDS (Intrusion Detection Systems). These achieve a high detection rate by matching traffic against a database of previously observed attack signatures or known malicious traffic patterns. However, signature-based IDS have a fundamental weakness: new types of attack cannot be detected, because a signature can only describe an attack that has already been observed. In this paper, we propose a k-means clustering based malicious traffic detection method that complements signature-based IDS. To demonstrate the efficiency of the proposed method, we apply Bayes' theorem.
Keywords: IDS; K-means; DDoS; Witty Worm; Slammer Worm
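The following is an added illustration of the approach the abstract describes, not code from the paper: per-source-host traffic features are standardised, clustered with k-means, sparse clusters are treated as malicious, and the measured detection and false-alarm rates are then fed through Bayes' theorem to give the probability that an alarm really is an attack. The feature set (packets per second, distinct destinations, mean packet size), the synthetic benign/worm-scan/flood records, the farthest-point initialisation, the minority-cluster rule and the 20% threshold are all assumptions made for the example; the paper's own features, cluster count and labelling rule are not given in the abstract.

```python
"""k-means malicious-traffic detection with a Bayesian evaluation (illustrative, not the paper's code)."""
import math
import random

FEATURES = ("pkts_per_sec", "distinct_dst", "avg_bytes")  # assumed per-host features


def make_flows(seed=7, n_benign=200, n_worm=10, n_flood=10):
    """Constructed per-source-host records: ((features), label) with label 1 = attack."""
    rng = random.Random(seed)
    flows = []
    for _ in range(n_benign):  # ordinary clients: modest rate, few peers, mixed packet sizes
        flows.append(((rng.uniform(5, 50), rng.randint(1, 10), rng.uniform(200, 1400)), 0))
    for _ in range(n_worm):  # scanning worm: many destinations, fixed small payload
        flows.append(((rng.uniform(2500, 3500), rng.randint(800, 1200), rng.uniform(376, 404)), 1))
    for _ in range(n_flood):  # DDoS flood: very high rate, a single target, tiny packets
        flows.append(((rng.uniform(4000, 6000), 1, rng.uniform(40, 60)), 1))
    return flows


def zscore_params(X):
    """Per-feature mean and standard deviation so no single feature dominates the distance."""
    d = len(X[0])
    mu = [sum(x[j] for x in X) / len(X) for j in range(d)]
    sd = [math.sqrt(sum((x[j] - mu[j]) ** 2 for x in X) / len(X)) or 1.0 for j in range(d)]
    return mu, sd


def standardize(x, mu, sd):
    return [(x[j] - mu[j]) / sd[j] for j in range(len(x))]


def dist(a, b):
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)))


def kmeans(Z, k, max_iter=100):
    """Lloyd's algorithm with deterministic farthest-point initialisation (an assumption)."""
    centroids = [list(Z[0])]
    while len(centroids) < k:
        centroids.append(list(max(Z, key=lambda z: min(dist(z, c) for c in centroids))))
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda i: dist(z, centroids[i])) for z in Z]
        if new_labels == labels:  # assignments stable: converged
            break
        labels = new_labels
        for i in range(k):
            members = [z for z, lab in zip(Z, labels) if lab == i]
            if members:
                centroids[i] = [sum(m[j] for m in members) / len(members) for j in range(len(Z[0]))]
    return centroids, labels


class KMeansDetector:
    """Flags records that fall into sparse clusters; assumes attack traffic is the minority."""

    def __init__(self, k=3, min_fraction=0.2):
        self.k, self.min_fraction = k, min_fraction

    def fit(self, X):
        self.mu, self.sd = zscore_params(X)
        Z = [standardize(x, self.mu, self.sd) for x in X]
        self.centroids, labels = kmeans(Z, self.k)
        counts = [labels.count(i) for i in range(self.k)]
        self.malicious = {i for i, c in enumerate(counts) if c < self.min_fraction * len(X)}
        return [1 if lab in self.malicious else 0 for lab in labels]

    def predict(self, x):
        """Online scoring of a new record against the fitted centroids."""
        z = standardize(x, self.mu, self.sd)
        nearest = min(range(self.k), key=lambda i: dist(z, self.centroids[i]))
        return 1 if nearest in self.malicious else 0


def rates(pred, truth):
    """Detection rate P(alarm | attack) and false-alarm rate P(alarm | benign)."""
    tp = sum(1 for p, t in zip(pred, truth) if p == 1 and t == 1)
    fp = sum(1 for p, t in zip(pred, truth) if p == 1 and t == 0)
    return tp / truth.count(1), fp / truth.count(0)


def posterior_attack_given_alarm(tpr, fpr, prior):
    """Bayes' theorem: P(attack | alarm) = P(alarm | attack) P(attack) / P(alarm)."""
    p_alarm = tpr * prior + fpr * (1 - prior)
    return tpr * prior / p_alarm if p_alarm else 0.0


def run_demo():
    flows = make_flows()
    X, truth = [f for f, _ in flows], [t for _, t in flows]
    det = KMeansDetector()
    pred = det.fit(X)
    tpr, fpr = rates(pred, truth)
    return det, tpr, fpr


if __name__ == "__main__":
    det, tpr, fpr = run_demo()
    print(f"detection rate={tpr:.2f} false-alarm rate={fpr:.2f}")
    # Base-rate effect: the same detector looks very different as attacks become rarer.
    for prior in (0.5, 0.05, 0.001):
        print(f"prior={prior}: P(attack|alarm)={posterior_attack_given_alarm(0.95, 0.02, prior):.3f}")
```

The Bayesian step is the part worth keeping in mind when reading reported detection rates: a detector with 95% detection and 2% false alarms gives a posterior of only about 0.32 when attacks make up 1% of the records, so the prior attack rate must be stated alongside the rates themselves.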
 Cited by
김영빈; 최동호; 판 반 트렁; 마이 렁; 박민호, "A DDoS detection system for Software Defined Networking based on combining multiple machine learning methods," J. KICS, vol. 42, no. 8, pp. 1581-1590, 2017.