Printed from https://ideas.repec.org/a/plo/pone00/0180945.html

A two-stage flow-based intrusion detection model for next-generation networks

Author

Listed:
  • Muhammad Fahad Umer
  • Muhammad Sher
  • Yaxin Bi

Abstract

The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.

Suggested Citation

  • Muhammad Fahad Umer & Muhammad Sher & Yaxin Bi, 2018. "A two-stage flow-based intrusion detection model for next-generation networks," PLOS ONE, Public Library of Science, vol. 13(1), pages 1-20, January.
  • Handle: RePEc:plo:pone00:0180945
    DOI: 10.1371/journal.pone.0180945

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0180945
    Download Restriction: no

    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0180945&type=printable
    Download Restriction: no


    Citations

    Cited by:

    1. Gaoming Yang & Xu Yu & Lingwei Xu & Yu Xin & Xianjin Fang, 2019. "An intrusion detection algorithm for sensor network based on normalized cut spectral clustering," PLOS ONE, Public Library of Science, vol. 14(10), pages 1-14, October.
