Clustering-Based Pattern Abnormality Detection in Distributed Sensor Networks

Bibliographic Details
Main Authors: Seok-Woo Jang, Gye-Young Kim, Siwoo Byun
Format: Article
Language: English
Published: Hindawi - SAGE Publishing 2014-04-01
Series: International Journal of Distributed Sensor Networks
Online Access: https://doi.org/10.1155/2014/438468
Description
Summary: We suggest a method of effectively detecting and classifying network traffic attacks by visualizing their IP (Internet protocol) addresses and ports and clustering the visualized ports based on their variance. The proposed approach first visualizes the IP addresses and ports of the senders and receivers into two-dimensional images. The method then analyzes the visualized images and extracts linear and/or high brightness patterns, which represent traffic attacks. Subsequently, it groups the ports using an improved clustering algorithm, allowing an artificial neural network to learn the extracted features and to automatically detect and classify normal traffic data, DDoS attacks, DoS attacks, or Internet Worms. The experiments conducted in this work prove that our suggested clustering-based algorithm effectively detects various traffic attacks.
ISSN: 1550-1477