Detection of Network Attacks Based on an Improved Clustering Algorithm

  • Seok-Woo Jang (Department of Digital Media, Anyang University);
  • Gye-Young Kim (School of Computing, Soongsil University)
  • Published: 2013.03.31

Abstract

In this paper, we propose a method for effectively detecting and classifying network traffic attacks by visualizing the IP addresses and ports in network traffic data and clustering the visualized ports according to their variances. The proposed approach first generates 2D images from the IP addresses and ports of the senders and receivers. It then analyzes those images to extract major features, such as linear patterns and high intensity values, that indicate traffic attacks, and clusters the ports according to their variances using an improved ISODATA algorithm. Finally, the extracted features are used to train a neural network, which automatically determines whether the traffic data are normal traffic or a DDoS, DoS, or Internet worm attack. Our experiments show that the proposed ISODATA clustering-based method effectively detects traffic attacks.
