Clustering extension of MOVICAB-IDS to identify SNMP community searches
Publication date
LOGIC JOURNAL OF THE IGPL. Volume 23 (1), pp. 121-140. Oxford Journals, Oxford University Press.
There are many security systems to protect information resources, but we are still not free from possible successful attacks. This study aims to be one step towards an intrusion detection system (IDS) that faces attacks not previously seen (zero-day attacks), by studying the combination of clustering and neural visualization techniques. To do that, MObile VIsualization Connectionist Agent-Based IDS (MOVICAB-IDS), previously proposed as a hybrid intelligent IDS based on a visualization approach, is upgraded by adding clustering methods. One of the main drawbacks of MOVICAB-IDS was its dependence on human processing; it could not automatically raise an alarm to warn about attacks. Additionally, human users could fail to detect an intrusion even when it was visualized as anomalous. To overcome this limitation, the present work proposes the application of clustering techniques to give MOVICAB-IDS an automatic response, so that intrusive actions can be quickly aborted while they are happening. To check the validity of the proposed clustering extension, it is now confronted with an anomalous situation related to the Simple Network Management Protocol: a community search. This attack, which aims to obtain the community string (password guessing), is analysed by clustering and neural tools, individually and in conjunction. Through the experimental stage, it is shown that the combination of clustering and neural projection improves the detection capability on a continuous network flow.
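The abstract describes clustering as the component that lets the IDS raise an alarm without a human reading the projection. The following added example (not code from the paper or from MOVICAB-IDS) sketches that idea in its simplest form: per-source features are extracted from constructed SNMP agent log lines, a deterministic two-centroid k-means separates the sources, and the cluster whose centroid shows more distinct community strings is flagged as a community search. The log format, the feature choice (distinct community strings tried, rejected requests) and the centroid seeding are assumptions made for this illustration; the paper's own feature set and clustering method are not reproduced here.

```python
"""
Added example (not from the paper): cluster per-source SNMP request features
and automatically flag the cluster that looks like a community-string search.
"""
from collections import defaultdict
from math import dist

# Constructed SNMP agent log lines (not real traffic). Each line reads
#   <time> src=<ip> community=<string> result=<ok|noauth>
# where "noauth" stands for a request rejected because of a wrong community string.
# Two community strings ("public" and "monitor") are valid on this agent.
SAMPLE_LOG = """\
10:00:01 src=10.0.0.5 community=public result=ok
10:00:02 src=10.0.0.5 community=public result=ok
10:00:03 src=10.0.0.7 community=public result=ok
10:00:04 src=10.0.0.9 community=private result=noauth
10:00:04 src=10.0.0.9 community=admin result=noauth
10:00:05 src=10.0.0.9 community=secret result=noauth
10:00:05 src=10.0.0.9 community=cisco result=noauth
10:00:06 src=10.0.0.9 community=manager result=noauth
10:00:06 src=10.0.0.9 community=monitor result=ok
10:00:07 src=10.0.0.12 community=monitor result=ok
10:00:08 src=10.0.0.20 community=public result=ok
10:00:08 src=10.0.0.20 community=private result=noauth
10:00:09 src=10.0.0.20 community=admin result=noauth
"""


def parse_log(text):
    """Turn each log line into a dict of its key=value fields (timestamp dropped)."""
    records = []
    for line in text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        records.append(fields)
    return records


def extract_features(records):
    """Per source: (distinct community strings tried, rejected requests), as floats."""
    communities = defaultdict(set)
    failures = defaultdict(int)
    for r in records:
        communities[r["src"]].add(r["community"])
        if r["result"] != "ok":
            failures[r["src"]] += 1
    return {src: (float(len(communities[src])), float(failures[src]))
            for src in communities}


def kmeans2(points, max_iter=20):
    """Two-centroid k-means. Seeds are the lexicographically smallest and largest
    feature vectors, i.e. the sources with the fewest and the most distinct
    community strings, so the result is deterministic for this illustration."""
    pts = list(points.values())
    centroids = [min(pts), max(pts)]
    labels = {}
    for _ in range(max_iter):
        labels = {src: min((0, 1), key=lambda c: dist(p, centroids[c]))
                  for src, p in points.items()}
        new_centroids = []
        for c in (0, 1):
            members = [points[s] for s, l in labels.items() if l == c]
            if members:
                new_centroids.append(tuple(sum(v) / len(members) for v in zip(*members)))
            else:
                new_centroids.append(centroids[c])
        if new_centroids == centroids:
            break
        centroids = new_centroids
    return labels, centroids


def flag_community_search(text):
    """Automatic response step: return the sources in the cluster whose centroid
    has the higher count of distinct community strings (the guessing cluster)."""
    features = extract_features(parse_log(text))
    labels, centroids = kmeans2(features)
    suspicious = max((0, 1), key=lambda c: centroids[c][0])
    return sorted(src for src, l in labels.items() if l == suspicious)


if __name__ == "__main__":
    for src, feat in extract_features(parse_log(SAMPLE_LOG)).items():
        print(f"{src:10} distinct={int(feat[0])} rejected={int(feat[1])}")
    print("flagged as community search:", flag_community_search(SAMPLE_LOG))
```

On the constructed data the host trying six different community strings lands in its own cluster and is flagged, while the host with one valid and two rejected strings stays with the normal traffic. In a real deployment the features would be taken from the continuous flow the abstract mentions (per time window rather than over the whole log), and an alert from this step would be what triggers the automatic abort of the session rather than waiting for an operator to spot the anomaly in the projection.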