Radu VELEA1, Casian CIOBANU2, Laurențiu MĂRGĂRIT3, Ion BICA4*
1,2,3,4 Military Technical Academy,
81-83 George Coșbuc Av., Bucharest 050141, Romania
firstname.lastname@example.org (* Corresponding author)
ABSTRACT: IT infrastructures around the world are targeted by malicious entities that want to steal data or compromise services. Protection measures for complex computer networks are expensive to deploy and maintain, and often do not offer protection against zero-day exploits. In-depth analysis of incoming and outgoing traffic can be problematic from legal and technical perspectives. The current work explores the possibility of implementing reliable security measures using machine learning algorithms to perform traffic classification. The new framework is mapped on existing parallel hardware and aims to provide a versatile solution for the detection of anomalous behaviour in network traffic through k-means clustering and without performing deep packet inspection. Trace analysis metadata is obtained by exploiting the features available in the pcapng file format. K-means clustering is implemented using multiple parallel APIs and a comparative analysis is presented together with performance considerations.
KEYWORDS: K-Means clustering, Shallow packet inspection, Parallelization, Tracing.
>>FULL TEXT: PDF
CITE THIS PAPER AS:
Radu VELEA, Casian CIOBANU, Laurențiu MĂRGĂRIT, Ion BICA, Network Traffic Anomaly Detection Using Shallow Packet Inspection and Parallel K-means Data Clustering, Studies in Informatics and Control, ISSN 1220-1766, vol. 26(4), pp. 387-396, 2017.