Volume 46, Issue 1, July 2017

EVALUATING K-MEANS++ CLUSTERING FOR ANOMALY-BASED INTRUSION DETECTION SYSTEMS - FOCUS ON EXTERNAL THREATS

Authors: Matthew K. Coughlan, John Tucker, Thomas Nelson and Benjamin Klimkowski
Pages: 51-70
Received Date: May 1, 2017
DOI: http://dx.doi.org/10.18642/jmsaa_7100121826

Abstract

Intrusion detection systems (IDS) are systems used to defend a network against cyber attacks. Specifically, anomaly-based IDSs detect malicious activity on a network by identifying departures in network traffic from a previously established norm. For this project, we use a data set of network activity and assess the validity and effectiveness of k-means++ clustering at designating certain external traffic as malicious. We focus our detection efforts on secure shell (SSH) brute force attacks. We evaluate the chosen clustering method by looking at benchmarks such as success/failure rates, false positive rates, and consistency across varying data.
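As an added illustration of the approach the abstract describes (this is not the paper's code or data): k-means++ seeding followed by Lloyd refinement over constructed per-source SSH login features, with the cluster whose centre has the highest failed-login count treated as brute-force traffic. The feature choice, the two-cluster setting and all sample values are assumptions made for the example.

```python
"""k-means++ seeding plus Lloyd refinement over per-source SSH login features.
Added example, not the paper's code; rows are constructed per source IP per window."""
import random

# Constructed sample, not real traffic: (source IP, failed logins, distinct usernames tried)
SAMPLE = [
    ("10.0.0.11", 0, 1), ("10.0.0.12", 1, 1), ("10.0.0.13", 2, 1), ("10.0.0.14", 0, 1),
    ("10.0.0.15", 3, 2), ("10.0.0.16", 1, 1), ("10.0.0.17", 0, 1), ("10.0.0.18", 2, 1),
    ("203.0.113.5", 250, 60), ("203.0.113.9", 300, 70),
    ("198.51.100.7", 280, 55), ("198.51.100.8", 320, 75),
]

def _sqdist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeanspp_seed(points, k, rng):
    """k-means++: first centre uniform at random; each further centre is drawn with
    probability proportional to its squared distance from the nearest chosen centre."""
    centres = [rng.choice(points)]
    while len(centres) < k:
        d2 = [min(_sqdist(p, c) for c in centres) for p in points]
        centres.append(rng.choices(points, weights=d2)[0])
    return centres

def lloyd(points, centres, iters=100):
    """Standard k-means refinement; returns (labels, centres, inertia)."""
    for _ in range(iters):
        labels = [min(range(len(centres)), key=lambda j: _sqdist(p, centres[j])) for p in points]
        new = []
        for j in range(len(centres)):
            members = [p for p, lbl in zip(points, labels) if lbl == j]
            # keep the old centre if a cluster empties, otherwise move it to the member mean
            new.append(tuple(sum(x) / len(members) for x in zip(*members)) if members else centres[j])
        if new == centres:
            break
        centres = new
    labels = [min(range(len(centres)), key=lambda j: _sqdist(p, centres[j])) for p in points]
    inertia = sum(_sqdist(p, centres[lbl]) for p, lbl in zip(points, labels))
    return labels, centres, inertia

def flag_brute_force(sample=SAMPLE, k=2, restarts=5, seed=0):
    """Cluster sources over several k-means++ restarts, keep the lowest-inertia result,
    and flag the cluster whose centre has the most failed logins. Returns source IPs."""
    rng = random.Random(seed)
    points = [(float(f), float(u)) for _, f, u in sample]
    best = min((lloyd(points, kmeanspp_seed(points, k, rng)) for _ in range(restarts)),
               key=lambda r: r[2])
    labels, centres, _ = best
    hot = max(range(k), key=lambda j: centres[j][0])
    return sorted(src for (src, _, _), lbl in zip(sample, labels) if lbl == hot)
```

The abstract's false-positive question corresponds here to benign sources landing in the flagged cluster; on this constructed sample the two groups are far apart, so the split is stable across restarts.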

Keywords

anomaly-based intrusion detection system, SSH brute force attack, k-means, cluster analysis.