Umer Muhammad Fahad, Sher Muhammad, Bi Yaxin
Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan.
School of Computing, Faculty of Computing, Engineering and the Built Environment, Ulster University, Jordanstown Campus, Antrim, United Kingdom.
PLoS One. 2018 Jan 12;13(1):e0180945. doi: 10.1371/journal.pone.0180945. eCollection 2018.
The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.
下一代网络通过融合的移动和固定网络提供最先进的接入无关服务。融合网络环境中的安全性是一项重大挑战。由于吞吐量低、准确性差以及无法检查加密的有效载荷,传统的基于数据包和协议的入侵检测技术不能用于下一代网络。保护下一代网络的一种替代解决方案是使用网络流记录来检测网络流量中的恶意活动。网络流记录独立于接入网络和用户应用程序。在本文中,我们提出了一种用于下一代网络的基于流的两阶段入侵检测系统。第一阶段使用增强的无监督单类支持向量机,将恶意流与正常网络流量分离。第二阶段使用自组织映射,自动将恶意流分组到不同的警报集群中。我们在两个基于流的数据集上验证了所提出的方法,并取得了有希望的结果。
