A system for detecting network intruders in real-time

International Journal of Computer Science and Engineering
© 2016 by SSRG - IJCSE Journal
Volume 3 Issue 5
Year of Publication : 2016
Authors : Dhivya.J, Saritha.A.

How to Cite:

Dhivya.J, Saritha.A., "A system for detecting network intruders in real-time," SSRG International Journal of Computer Science and Engineering, vol. 3, no. 5, pp. 34-37, 2016. Crossref, https://doi.org/10.14445/23488387/IJCSE-V3I5P106

Abstract:

In this paper we propose Securitas, a protocol identification system for network traces that exploits the semantic information in protocol message formats. LTE first cleans the log messages, then clusters the cleaned messages with the DBSCAN algorithm, and finally infers message templates with the LDA Gibbs sampling algorithm. Experimental results show that the LTE approach infers multiple log message formats at once with more than 90% accuracy and 100% recall.
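The three-stage pipeline the abstract describes (clean, cluster with DBSCAN, infer templates) is shown below as an added example written for this page; it is not the authors' Securitas/LTE code. The log lines are constructed, the cleaning rules, the Jaccard distance and the eps/min_pts values are assumptions, and the last stage uses a simple position-wise token vote per cluster instead of LDA Gibbs sampling, so it demonstrates the shape of the method rather than the paper's exact inference step.

```python
"""Log-template extraction in the style of the abstract's pipeline.
Added example for this page, not the paper's code: cleaning rules, distance,
eps/min_pts and the position-wise template vote are all assumptions."""
import re

# Constructed sample log lines (not from the paper's data set).
SAMPLE_LOGS = [
    "2016-05-01 10:00:01 sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "2016-05-01 10:00:07 sshd[1240]: Failed password for admin from 10.0.0.9 port 22 ssh2",
    "2016-05-01 10:00:09 sshd[1241]: Failed password for guest from 192.168.1.7 port 22 ssh2",
    "2016-05-01 10:01:02 sshd[1302]: Accepted publickey for alice from 10.0.0.20 port 51234 ssh2",
    "2016-05-01 10:01:30 sshd[1310]: Accepted publickey for bob from 10.0.0.21 port 51300 ssh2",
    "2016-05-01 10:02:00 kernel: eth0: link is down",
]

# Stage 1: cleaning. Volatile fields are replaced by typed placeholders so that
# messages of the same format become near-identical token sequences. The rule
# order matters: timestamps and IPs must be masked before the bare-number rule.
CLEAN_RULES = [
    (re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"), "<TS>"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<IP>"),
    (re.compile(r"\[\d+\]"), "[<PID>]"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]


def clean(line):
    """Return the token list of a log line with volatile fields masked."""
    for rx, placeholder in CLEAN_RULES:
        line = rx.sub(placeholder, line)
    return line.split()


def jaccard_distance(a, b):
    """Distance between two token lists: 1 - |A intersect B| / |A union B|."""
    sa, sb = set(a), set(b)
    return 1.0 - len(sa & sb) / len(sa | sb)


# Stage 2: DBSCAN (Ester et al. 1996), written out for an arbitrary distance
# function. Label -1 marks noise; min_pts counts the point itself.
def dbscan(items, dist, eps, min_pts):
    n = len(items)
    labels = [None] * n  # None = unvisited, -1 = noise, >= 0 = cluster id

    def neighbours(i):
        return [j for j in range(n) if dist(items[i], items[j]) <= eps]

    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        nb = neighbours(i)
        if len(nb) < min_pts:
            labels[i] = -1  # may later be relabelled as a border point
            continue
        labels[i] = cluster
        queue = [j for j in nb if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # border point: joins but is not expanded
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nb_j = neighbours(j)
            if len(nb_j) >= min_pts:  # core point: expand the cluster
                queue.extend(k for k in nb_j if labels[k] is None)
        cluster += 1
    return labels


# Stage 3: template inference (simplified). For each token position, keep the
# token if every message in the cluster agrees on it, otherwise emit "*".
def infer_template(token_lists):
    width = min(len(t) for t in token_lists)
    out = []
    for pos in range(width):
        column = {t[pos] for t in token_lists}
        out.append(column.pop() if len(column) == 1 else "*")
    return " ".join(out)


def extract_templates(lines, eps=0.3, min_pts=2):
    """Run the pipeline; return (templates in cluster order, cleaned noise lines)."""
    tokens = [clean(line) for line in lines]
    labels = dbscan(tokens, jaccard_distance, eps, min_pts)
    clusters, noise = {}, []
    for toks, label in zip(tokens, labels):
        if label == -1:
            noise.append(" ".join(toks))
        else:
            clusters.setdefault(label, []).append(toks)
    templates = [infer_template(c) for _, c in sorted(clusters.items())]
    return templates, noise


def matches(template, line):
    """True if a raw line fits a template; lines matching no template are unknown formats."""
    t, l = template.split(), clean(line)
    return len(t) == len(l) and all(a in ("*", b) for a, b in zip(t, l))


if __name__ == "__main__":
    templates, noise = extract_templates(SAMPLE_LOGS)
    for tpl in templates:
        print("template:", tpl)
    for n in noise:
        print("noise:   ", n)
```

With the constructed input the three "Failed password" lines and the two "Accepted publickey" lines form two clusters whose templates differ only in the masked user-name position, while the single kernel line is left as noise; `matches` then classifies a fresh line against the learned templates, which is the piece a real-time detector would run on each incoming message.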

Keywords:

Latent Dirichlet Allocation, machine learning, network security, protocol identification
