A deep density based and self-determining clustering approach to label unknown traffic

dc.contributor | Aalto-yliopisto | fi
dc.contributor | Aalto University | en
dc.contributor.author | Monshizadeh, Mehrnoosh | en_US
dc.contributor.author | Khatri, Vikramajeet | en_US
dc.contributor.author | Kantola, Raimo | en_US
dc.contributor.author | Yan, Zheng | en_US
dc.contributor.department | Department of Communications and Networking | en
dc.contributor.groupauthor | Network Security and Trust | en
dc.contributor.organization | Nokia Bell Labs Finland | en_US
dc.contributor.organization | Network Security and Trust | en_US
dc.date.accessioned | 2022-10-19T06:42:34Z
dc.date.available | 2022-10-19T06:42:34Z
dc.date.issued | 2022-11 | en_US
dc.description | Publisher Copyright: © 2022 The Author(s)
dc.description.abstract | Analyzing non-labeled data is a major concern in the field of intrusion detection, as the attack clusters are continuously evolving and are unknown to the system. Many studies have been conducted on different techniques such as clustering to solve this issue. Consequently, in this paper the clustering techniques are applied based on the packets’ similarity to categorize unknown traffic. After clustering is done by the proposed architecture, the security investigator analyzes one packet from each cluster (instead of thousands of packets) and generalizes the result of the analysis to all packets belonging to the cluster. The proposed architecture, namely Associated Density Based Clustering (ADBC), applies multiple unsupervised algorithms and a co-association matrix to detect attack clusters of any shape as long as they have density-connected elements. Furthermore, the architecture automatically determines the best number of clusters in order to categorize non-labeled data. The performance of the proposed architecture is evaluated based on various metrics, while its generalization capability is tested with three publicly available datasets. | en
dc.description.version | Peer reviewed | en
dc.format.extent | 18
dc.format.mimetype | application/pdf | en_US
dc.identifier.citation | Monshizadeh, M, Khatri, V, Kantola, R & Yan, Z 2022, 'A deep density based and self-determining clustering approach to label unknown traffic', Journal of Network and Computer Applications, vol. 207, 103513. https://doi.org/10.1016/j.jnca.2022.103513 | en
dc.identifier.doi | 10.1016/j.jnca.2022.103513 | en_US
dc.identifier.issn | 1084-8045
dc.identifier.other | PURE UUID: 37ae2697-9afe-424b-89a2-5a540d2ba933 | en_US
dc.identifier.other | PURE ITEMURL: https://research.aalto.fi/en/publications/37ae2697-9afe-424b-89a2-5a540d2ba933 | en_US
dc.identifier.other | PURE LINK: http://www.scopus.com/inward/record.url?scp=85138465383&partnerID=8YFLogxK | en_US
dc.identifier.other | PURE FILEURL: https://research.aalto.fi/files/89252411/1_s2.0_S1084804522001540_main.pdf | en_US
dc.identifier.uri | https://aaltodoc.aalto.fi/handle/123456789/117193
dc.identifier.urn | URN:NBN:fi:aalto-202210195981
dc.language.iso | en | en
dc.publisher | ACADEMIC PRESS
dc.relation.ispartofseries | Journal of Network and Computer Applications | en
dc.relation.ispartofseries | Volume 207 | en
dc.rights | openAccess | en
dc.subject.keyword | Data mining | en_US
dc.subject.keyword | Intrusion detection | en_US
dc.subject.keyword | Machine Learning | en_US
dc.subject.keyword | Network security | en_US
dc.subject.keyword | Network traffic | en_US
dc.title | A deep density based and self-determining clustering approach to label unknown traffic | en
dc.type | A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä | fi
dc.type.version | publishedVersion