Abstract
The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.
Original language | English |
---|---|
Pages (from-to) | 1-20 |
Journal | PLoS ONE |
Volume | 13 |
Issue number | 1 |
DOIs | |
Publication status | Published (in print/issue) - 12 Jan 2018 |
Keywords
- Network Security
- Intrusion Detection
- Network Traffic Flow
Fingerprint
Dive into the research topics of 'A Two-stage Flow-based Intrusion Detection Model For Next-generation Networks'. Together they form a unique fingerprint.
Profiles
- Yaxin Bi
  - School of Computing - Professor in Artificial Intelligence
  - Faculty Of Computing, Eng. & Built Env. - Full Professor
Person: Academic