The goal of Network Intrusion Detection Systems (NIDSs) is to protect against attacks by inspecting network traffic packets, for instance, looking for anomalies and signatures of known attacks. This paper illustrates an approach to attack detection that analyzes just the standard statistics automatically generated by the Simple Network Management Protocol (SNMP) through unsupervised distributed data mining algorithms. We describe the design of a decentralized system composed of a peer-to-peer network of monitoring stations: each of them continuously gathers SNMP statistical observations about the network traffic and runs a distributed data clustering algorithm in cooperation with other stations. This progressively leads to the construction of a traffic model capable to detect undergoing attacks on later observations, including potentially previously unknown attacks. To estimate the accuracy of the described system, we performed an extensive number of distributed data clustering processing on data sets of SNMP observations generated from real traffic.

Cerroni, W., Moro, G., Pasolini, R., Ramilli, M. (2015). Decentralized detection of network attacks through P2P data clustering of SNMP data. COMPUTERS & SECURITY, 52, 1-16 [10.1016/j.cose.2015.03.006].

Decentralized detection of network attacks through P2P data clustering of SNMP data

CERRONI, WALTER;MORO, GIANLUCA;PASOLINI, ROBERTO;
2015

Abstract

The goal of Network Intrusion Detection Systems (NIDSs) is to protect against attacks by inspecting network traffic packets, for instance, looking for anomalies and signatures of known attacks. This paper illustrates an approach to attack detection that analyzes just the standard statistics automatically generated by the Simple Network Management Protocol (SNMP) through unsupervised distributed data mining algorithms. We describe the design of a decentralized system composed of a peer-to-peer network of monitoring stations: each of them continuously gathers SNMP statistical observations about the network traffic and runs a distributed data clustering algorithm in cooperation with other stations. This progressively leads to the construction of a traffic model capable to detect undergoing attacks on later observations, including potentially previously unknown attacks. To estimate the accuracy of the described system, we performed an extensive number of distributed data clustering processing on data sets of SNMP observations generated from real traffic.
2015
Cerroni, W., Moro, G., Pasolini, R., Ramilli, M. (2015). Decentralized detection of network attacks through P2P data clustering of SNMP data. COMPUTERS & SECURITY, 52, 1-16 [10.1016/j.cose.2015.03.006].
Cerroni, Walter; Moro, Gianluca; Pasolini, Roberto; Ramilli, Marco
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/525245
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 22
  • ???jsp.display-item.citation.isi??? 11
social impact