Research Article
Network Intrusion Detection with Threat Agent Profiling
Table 10
Clusters and attributes of threat agents with DDoS attribute.
Notes. The first column represents attributes. The other six columns correspond to the following profiling approaches: one-stage profiling without analysis of outliers (k-means algorithm), one-stage profiling without analysis of outliers (PAM algorithm), one-stage profiling with analysis of outliers (k-means algorithm), one-stage profiling with analysis of outliers (PAM algorithm), two-stage profiling without analysis of outliers (k-means and PAM algorithms), and two-stage profiling with analysis of outliers (k-means and PAM algorithms). The rows correspond to the following attributes: number of clusters, count of threat agents, percentage of threat agents in cluster to all threat agents, Recon.Scanning, availability, duration, max. idleness, min. idleness, number of ISPs, and number of unique targets. "Out" means outliers.