A Two-stage Flow-based Intrusion Detection Model ForNext-generation Networks

User Muhammad Fahad User, Muhammad Sher, Yaxin Bi

Research output: Contribution to journalArticlepeer-review

24 Citations (Scopus)
93 Downloads (Pure)


The next-generation network provides state-of-the-art access-independent services overconverged mobile and fixed networks. Security in the converged network environment isa major challenge. Traditional packet and protocol-based intrusion detection techniquescannot be used in next-generation networks due to slow throughput, low accuracy andtheir inability to inspect encrypted payload. An alternative solution for protection ofnext-generation networks is to use network flow records for detection of maliciousactivity in the network traffic. The network flow records are independent of accessnetworks and user applications. In this paper, we propose a two-stage flow-basedintrusion detection system for next-generation networks. The first stage uses anenhanced unsupervised one-class support vector machine which separates maliciousflows from normal network traffic. The second stage uses a self-organizing map whichautomatically groups malicious flows into different alert clusters. We validated theproposed approach on two flow-based datasets and obtained promising results.
Original languageEnglish
Pages (from-to)1-20
JournalPLoS ONE
Issue number1
Publication statusPublished (in print/issue) - 12 Jan 2018


  • Network Security
  • Intrusion Detection
  • Network Traffic Flow


Dive into the research topics of 'A Two-stage Flow-based Intrusion Detection Model ForNext-generation Networks'. Together they form a unique fingerprint.

Cite this