Dissemin is shutting down on January 1st, 2025

Published in

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, p. 417-430

DOI: 10.1007/978-3-642-10625-5_26

Links

Tools

Export citation

Search in Google Scholar

Network Attack Detection Based on Peer-to-Peer Clustering of SNMP Data

Proceedings article published in 2009 by Walter Cerroni ORCID, Gabriele Monti, Gianluca Moro, Marco Ramilli
This paper is available in a repository.
This paper is available in a repository.

Full text: Download

Green circle
Preprint: archiving allowed
Green circle
Postprint: archiving allowed
Red circle
Published version: archiving forbidden
Data provided by SHERPA/RoMEO

Abstract

Network intrusion detection is a key security issue that can be tackled by means of different approaches. This paper describes a novel methodology for network attack detection based on the use of data mining techniques to process traffic information collected by a monitoring station from a set of hosts using the Simple Network Management Protocol (SNMP). The proposed approach, adopting unsupervised clustering techniques, allows to effectively distinguish normal traffic behavior from malicious network activity and to determine with very good accuracy what kind of attack is being perpetrated. Several monitoring stations are then interconnected according to any peer-to-peer network in order to share the knowledge base acquired with the proposed methodology, thus increasing the detection capabilities. An experimental test-bed has been implemented, which reproduces the case of a real web server under several attack techniques. Results of the experiments show the effectiveness of the proposed solution, with no detection failures of true attacks and very low false-positive rates (i.e. false alarms). © Institute for Computer Science, Social-Informatics and Telecommunications Engineering 2009.