Search
WIT Press


Related conference

BEM/MRM 47

BEM/MRM 47

25-27 September 2024

Seville, Spain

Related Book

Data Mining V

Edited By: A. ZANASI, TEMIS Text Mining Solutions S.A., Italy, N.F. F. EBECKEN, COPPE/UFRJ, Federal University of Rio de Janeiro, Brazil and C.A. Brebbia, Wessex Institute of Technology, UK

Clustering As An Add-on For Firewalls

Price

Free (open access)

Transaction

WIT Transactions on Information and Communication Technologies

Volume

33

Pages

8

Published

2004

Size

229 kb

Paper DOI

10.2495/DATA040111

Copyright

WIT Press

Author(s)

C. Caruso & D. Malerba

Abstract

The necessary spread of the access points to network services makes them vulnerable to many potential and different types of attackers: script kiddies, hackers, and misfeasors. Although the network services produce a great quantity of data logged by hosts, it is impossible for a security officer, and generally for a network administrator, to monitor daily generated traffic in order to control attacks. Currently a LAN is defended with a mixture of solutions adopted at different levels. Commercial firewalls typically use descriptive statistics to give the security officer information about the quantitative characteristics of the TCP/IP traffic as a whole. In this work, we generate information on the \“profile” of connections by means of clustering techniques. This approach makes the security officer able to detect connections that are far away from the mass. We use different clustering techniques in order to study their response for this type of problem. Results on real traffic data are reported and commented. Keywords: live network traffic analysis, anomaly detection, intrusion detection, clustering, data preprocessing. 1 Introduction For a network administrator it is important to have a complete description of the connections behaviour so to understand the development of his/her own network. This aspect is becoming more and more relevant and in fact commercial firewalls include modules which, though the computation of simple descriptive statistics, try to inform the security officer on the qualitative nature of network traffic. Firewalls have no means to give information about the mass of connections. The built-in modules permit to analyse every aspect of packet streams; some firewalls also possess an SQL dialect to query its own logs but SQL queries give answers about something the user already know or \“suspect”.

Keywords

live network traffic analysis, anomaly detection, intrusion detection, clustering, data preprocessing.



Related conference

BEM/MRM 47

BEM/MRM 47

25-27 September 2024

Seville, Spain

Related Book

Data Mining V

Edited By: A. ZANASI, TEMIS Text Mining Solutions S.A., Italy, N.F. F. EBECKEN, COPPE/UFRJ, Federal University of Rio de Janeiro, Brazil and C.A. Brebbia, Wessex Institute of Technology, UK

Other papers in this volume

Warning (2) : foreach() argument must be of type array|object, null given [in /var/www/dce7ae55-385b-4ffa-8595-3ec5e61ff110/public_html/app/templates/Papers/view.php, line 364]

Keep me updated
Data Mining V

View Book

Other papers in this volume

Personalization In The Semantic Web Era: A Glance Ahead

A Simple Mixture Model For Unsupervised Text Categorisation

Data Warehouse Screening And Personalizing Agent

Extracting People’s Names From RSS Feeds Using WordNet

Stock Broker P – Sentiment Extraction For The Stock Market

An XML Based Semantic Protein Map

Automated Text Mining Comparison Of Japanese And USA Multi-robot Research

WIT Press, Ashurst Lodge, Ashurst, Southampton SO40 7AA, UK. Registered in England as a limited company No. 4741634

Copyright 2025 WIT Press All Rights Reserved - Prices are Subject to Change - Returns Policy - Privacy Policy - Site Map