Clustering extension of MOVICAB-IDS to identify SNMP community searches

There are many security systems to protect information resources, but we are still not free from possible successful attacks. This study aims at being one step towards the proposal of an intrusion detection system (IDS) that faces those attacks not previously seen (zero-day attacks), by studying the...

ver descrição completa

Detalhes bibliográficos
Autores: Marticorena Sánchez, Raúl, Herrero Cosío, Álvaro, Corchado Rodríguez, Emilio Santiago
Formato: artículo
Fecha de publicación:2015
País:España
Recursos:Universidad de Salamanca (USAL)
Repositorio:GREDOS. Repositorio Institucional de la Universidad de Salamanca
OAI Identifier:oai:gredos.usal.es:10366/134296
Acesso em linha:http://hdl.handle.net/10366/134296
Access Level:acceso abierto
Palavra-chave:Computer Science
Descrição
Resumo:There are many security systems to protect information resources, but we are still not free from possible successful attacks. This study aims at being one step towards the proposal of an intrusion detection system (IDS) that faces those attacks not previously seen (zero-day attacks), by studying the combination of clustering and neural visualization techniques. To do that, MObile VIsualization Connectionist Agent-Based IDS (MOVICAB-IDS), previously proposed as a hybrid intelligent IDS based on a visualization approach, is upgraded by adding clustering methods. One of the main drawbacks of MOVICAB-IDS was its dependence on human processing; it could not automatically raise an alarm to warn about attacks. Additionally, human users could fail to detect an intrusion even when visualized as an anomalous one. To overcome this limitation, present work proposes the application of clustering techniques to provide automatic response to MOVICAB-IDS to quickly abort intrusive actions while happening. To check the validity of the proposed clustering extension, it faces now an anomalous situation related to the Simple Network Management Protocol: a community search. This attack to get the community string (password guessing) is analysed by clustering and neural tools, individually and in conjunction. Through the experimental stage, it is shown that the combination of clustering and neural projection improves the detection capability on a continuous network flow.