A deep density based and self-determining clustering approach to label unknown traffic
dc.contributor | Aalto-yliopisto | fi |
dc.contributor | Aalto University | en |
dc.contributor.author | Monshizadeh, Mehrnoosh | en_US |
dc.contributor.author | Khatri, Vikramajeet | en_US |
dc.contributor.author | Kantola, Raimo | en_US |
dc.contributor.author | Yan, Zheng | en_US |
dc.contributor.department | Department of Communications and Networking | en |
dc.contributor.groupauthor | Network Security and Trust | en |
dc.contributor.organization | Nokia Bell Labs Finland | en_US |
dc.contributor.organization | Network Security and Trust | en_US |
dc.date.accessioned | 2022-10-19T06:42:34Z | |
dc.date.available | 2022-10-19T06:42:34Z | |
dc.date.issued | 2022-11 | en_US |
dc.description | Publisher Copyright: © 2022 The Author(s) | |
dc.description.abstract | Analyzing non-labeled data is a major concern in the field of intrusion detection, as attack clusters are continuously evolving and are unknown to the system. Many studies have been conducted on different techniques, such as clustering, to solve this issue. Consequently, in this paper clustering techniques are applied based on the packets’ similarity to categorize unknown traffic. After clustering is done by the proposed architecture, the security investigator analyzes one packet from each cluster (instead of thousands of packets) and generalizes the result of the analysis to all packets belonging to the cluster. The proposed architecture, namely Associated Density Based Clustering (ADBC), applies multiple unsupervised algorithms and a co-association matrix to detect attack clusters of any shape as long as they have density-connected elements. Furthermore, the architecture automatically determines the best number of clusters in order to categorize non-labeled data. The performance of the proposed architecture is evaluated based on various metrics, while its generalization capability is tested with three publicly available datasets. | en |
dc.description.version | Peer reviewed | en |
dc.format.extent | 18 | |
dc.format.mimetype | application/pdf | en_US |
dc.identifier.citation | Monshizadeh, M, Khatri, V, Kantola, R & Yan, Z 2022, 'A deep density based and self-determining clustering approach to label unknown traffic', Journal of Network and Computer Applications, vol. 207, 103513. https://doi.org/10.1016/j.jnca.2022.103513 | en |
dc.identifier.doi | 10.1016/j.jnca.2022.103513 | en_US |
dc.identifier.issn | 1084-8045 | |
dc.identifier.other | PURE UUID: 37ae2697-9afe-424b-89a2-5a540d2ba933 | en_US |
dc.identifier.other | PURE ITEMURL: https://research.aalto.fi/en/publications/37ae2697-9afe-424b-89a2-5a540d2ba933 | en_US |
dc.identifier.other | PURE LINK: http://www.scopus.com/inward/record.url?scp=85138465383&partnerID=8YFLogxK | en_US |
dc.identifier.other | PURE FILEURL: https://research.aalto.fi/files/89252411/1_s2.0_S1084804522001540_main.pdf | en_US |
dc.identifier.uri | https://aaltodoc.aalto.fi/handle/123456789/117193 | |
dc.identifier.urn | URN:NBN:fi:aalto-202210195981 | |
dc.language.iso | en | en |
dc.publisher | ACADEMIC PRESS | |
dc.relation.ispartofseries | Journal of Network and Computer Applications | en |
dc.relation.ispartofseries | Volume 207 | en |
dc.rights | openAccess | en |
dc.subject.keyword | Data mining | en_US |
dc.subject.keyword | Intrusion detection | en_US |
dc.subject.keyword | Machine Learning | en_US |
dc.subject.keyword | Network security | en_US |
dc.subject.keyword | Network traffic | en_US |
dc.title | A deep density based and self-determining clustering approach to label unknown traffic | en |
dc.type | A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä | fi |
dc.type.version | publishedVersion |