  • DocumentCode
    709730
  • Title
    Applying multivariate data analysis to identify key parameters of bi-directional attack flows
  • Author
    Wilailux, Korakoch ; Ngamsuriyaroj, Sudsanguan
  • Author_Institution
    Fac. of Inf. & Commun. Technol., Mahidol Univ., Nakhon Pathom, Thailand
  • fYear
    2015
  • fDate
    23-25 April 2015
  • Firstpage
    198
  • Lastpage
    204
  • Abstract
    Flow export data has been intensively used in anomaly-based intrusion detection systems; however, we have limited understanding of the characteristics of bi-directional flow parameters with respect to the types of network attacks. To recognize the relationship between traffic parameters, we propose an empirical model which analyzes five synthetically generated network attacks within a closed environment, and perform exploratory data analysis using principal component analysis. The experimental results have identified relevant key parameters for selecting good candidates for intrusion detection analysis. The analysis capabilities of bi-directional flow parameters and their characteristics persisting in selected attacks have been diagnosed and revealed.
  • Keywords
    IP networks; computer network security; data analysis; principal component analysis; telecommunication traffic; anomaly-based intrusion detection systems; bidirectional attack flows; flow export data; multivariate data analysis; network attacks; principal component analysis; traffic parameters; Bidirectional control; Correlation; IP networks; Intrusion detection; Ports (Computers); Principal component analysis; Protocols; analysis of network attack; close-world assumption; principal component analysis;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Defence Technology (ACDT), 2015 Asian Conference on
  • Conference_Location
    Hua Hin
  • Print_ISBN
    978-1-4799-8166-3
  • Type
    conf
  • DOI
    10.1109/ACDT.2015.7111611
  • Filename
    7111611