Journal of Mathematical Sciences: Advances and ApplicationsAuthor's: Matthew K. Coughlan, John Tucker, Thomas Nelson and Benjamin Klimkowski
Pages: [51] - [70]
Received Date: May 1, 2017
Submitted by:
DOI: http://dx.doi.org/10.18642/jmsaa_7100121826
Intrusion detection systems (IDS) are systems used to defend a network against cyber attacks. Specifically, anomaly-based IDSs are systems that detect malicious activity on a network by identifying departures in network traffic from a previously established norm. For this project, we use a data set of network activity and assess the validity and effectiveness of k-means++ clustering at designating certain external traffic as malicious. We focus our detection efforts in on secure shell (SSH) brute force attacks. We evaluate the chosen clustering method by looking at benchmarks such as success/failure rates, false positive rates, and consistency across varying data.
anomaly-based intrusion detection system, ssh brute force attack, k-means, cluster analysis.
