A two-stage flow-based intrusion detection model for next-generation networks
The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation netwo...
Main authors: | Umer, Muhammad Fahad; Sher, Muhammad; Bi, Yaxin |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | Public Library of Science 2018 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5766127/ https://www.ncbi.nlm.nih.gov/pubmed/29329294 http://dx.doi.org/10.1371/journal.pone.0180945 |
_version_ | 1783292319151161344 |
---|---|
author | Umer, Muhammad Fahad Sher, Muhammad Bi, Yaxin |
author_facet | Umer, Muhammad Fahad Sher, Muhammad Bi, Yaxin |
author_sort | Umer, Muhammad Fahad |
collection | PubMed |
description | The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results. |
format | Online Article Text |
id | pubmed-5766127 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2018 |
publisher | Public Library of Science |
record_format | MEDLINE/PubMed |
spelling | pubmed-57661272018-01-23 A two-stage flow-based intrusion detection model for next-generation networks Umer, Muhammad Fahad Sher, Muhammad Bi, Yaxin PLoS One Research Article The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results. Public Library of Science 2018-01-12 /pmc/articles/PMC5766127/ /pubmed/29329294 http://dx.doi.org/10.1371/journal.pone.0180945 Text en © 2018 Umer et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
spellingShingle | Research Article Umer, Muhammad Fahad Sher, Muhammad Bi, Yaxin A two-stage flow-based intrusion detection model for next-generation networks |
title | A two-stage flow-based intrusion detection model for next-generation networks |
topic | Research Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5766127/ https://www.ncbi.nlm.nih.gov/pubmed/29329294 http://dx.doi.org/10.1371/journal.pone.0180945 |