Data Recovery And Intrusion Detection System Using 2SE(2-Seed Expansion)
Keywords:
malicious network traffic, attack detection, attack phase, network flow clustering.

Abstract
Although many different detection mechanisms have been proposed, existing detection methods generally tend
to detect attacks successfully only after the attacks have finished and caused damage to the system. As recent attacks
employ polymorphism technology and complicated attack techniques, it has become even more difficult for these
approaches to detect attacks in a timely manner. In this paper, we propose an efficient network attack detection algorithm
called seed expanding (SE) that detects attacks before they damage the system. SE employs the Two-Seed-Expanding
network traffic clustering scheme, which clusters attack traffic into different attack phases. First we pre-process the
network traffic: we construct the network flows, change continuous-valued attributes into nominal attributes
by adopting the discretization method, and further turn them into binary features. Then, based on these features, SE
computes a weight for each flow and iteratively selects seeds to expand until all flows are divided into clusters. To
investigate the effectiveness of the proposed approach, we undertook extensive experimental analyses. The results of the
experiments show that the pre-processing greatly improves clustering performance, and that the Two-Seed-Expanding
Algorithm is better than K-Means and other kinds of Seed-Expanding in attack-flow clustering. These cluster results can
be further used in attack detection.
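The pipeline the abstract sketches (flow attributes, equal-width discretization into nominal bins, one-hot binary features, then weighted seed expansion), as an added illustration that is not the paper's code. The abstract gives neither the weight function nor the expansion rule, so both are assumptions here (weight = number of flows at least `threshold` Jaccard-similar to a flow; a seed absorbs every unassigned flow above that threshold), and the two-seed variant is not reproduced; the sample flows are constructed.

```python
# Added illustration of the abstract's pipeline: flow attributes -> equal-width
# discretization -> one-hot binary features -> weighted seed expansion. The weight
# function and the expansion rule are ASSUMPTIONS (the abstract does not give them).

# Constructed sample flows: (duration_s, bytes, packets, dst_port). The first three
# attributes are continuous; dst_port is already nominal.
FLOWS = [
    (0.1, 60, 1, 22), (0.2, 64, 1, 22), (0.1, 70, 1, 445),                   # short, tiny flows
    (30.0, 50000, 400, 80), (28.0, 52000, 390, 80), (40.0, 90000, 600, 80),  # bulk transfers
]

def discretize(values, n_bins=3):
    """Equal-width binning of one continuous attribute into bin ids 0..n_bins-1."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / n_bins or 1.0          # constant column -> everything in bin 0
    return [min(int((v - lo) / width), n_bins - 1) for v in values]

def binarize(flows, n_bins=3):
    """Turn each flow into the set of its active (attribute, value) binary features."""
    cols = list(zip(*flows))
    nominal = [discretize(c, n_bins) for c in cols[:-1]] + [list(cols[-1])]
    return [frozenset(enumerate(row)) for row in zip(*nominal)]

def jaccard(a, b):
    """Similarity of two binary feature sets."""
    return len(a & b) / len(a | b)

def seed_expand(features, threshold=0.5):
    """Assumed weight: number of other flows at least `threshold` similar to this one.
    Repeatedly take the heaviest unassigned flow as seed and absorb its neighbours."""
    n = len(features)
    sim = [[jaccard(features[i], features[j]) for j in range(n)] for i in range(n)]
    weight = [sum(sim[i][j] >= threshold for j in range(n) if j != i) for i in range(n)]
    label = [None] * n
    cluster = 0
    while None in label:
        seed = max((i for i in range(n) if label[i] is None), key=weight.__getitem__)
        for j in range(n):
            if label[j] is None and (j == seed or sim[seed][j] >= threshold):
                label[j] = cluster
        cluster += 1
    return label

def cluster_flows(flows, n_bins=3, threshold=0.5):
    """Full pipeline: pre-process the flows, then cluster them by seed expansion."""
    return seed_expand(binarize(flows, n_bins), threshold)

if __name__ == "__main__":
    print(cluster_flows(FLOWS))   # -> [0, 0, 0, 1, 1, 2]
```

With the constructed input the three probe-like flows fall into one cluster, the two similar bulk flows into a second, and the much larger bulk flow becomes its own seed.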