A multi-level intrusion detection method for abnormal network behaviors

2016 
Abnormal network traffic analysis has become an increasingly important research topic for protecting computing infrastructures from intruders. Yet it is challenging to discover threats accurately because of the high volume of network traffic. To gain better knowledge about network intrusions, this paper focuses on designing a multi-level network detection method. It consists of three steps: (1) understanding hidden underlying patterns in network traffic data by creating reliable rules to identify network abnormality, (2) generating a predictive model to determine exact attack categories, and (3) integrating a visual analytics tool to conduct an interactive visual analysis and validate the identified intrusions with transparent reasons. To verify our approach, a broadly known intrusion dataset (i.e. NSL-KDD) is used. We found that the generated rules maintain a high performance rate and provide clear explanations. The proposed predictive model achieved about 96% accuracy in detecting exact attack categories. With the interactive visual analysis, a significant difference among the attack categories was discovered by visually representing attacks in separate clusters. Overall, our multi-level detection method is well-suited for identifying hidden underlying patterns and attack categories by revealing the relationship among the features of network traffic data.