TY - JOUR
T1 - A Malicious Traffic Detection Method Using X-means Clustering
AU - Han, Myoungji
AU - Lim, Jihyuk
AU - Choi, Junyong
AU - Kim, Hyunjoon
AU - Seo, Jungjoo
AU - Yu, Cheol
AU - Kim, Sung-Ryul
AU - Park, Kunsoo
JO - Journal of KIISE, JOK
PY - 2014
DA - 2014/9/14
DO -
KW - malicious traffic
KW - DDoS attack
KW - botnet
KW - clustering
KW - metrics
AB - Malicious traffic, such as DDoS attacks and botnet communications, refers to traffic that is generated for the purpose of disturbing internet networks or harming certain networks, servers, or hosts. As malicious traffic has been constantly evolving in terms of both quality and quantity, there has been much research on fighting it. In this paper, we propose an effective malicious traffic detection method that exploits the X-means clustering algorithm. We also suggest how to analyze the statistical characteristics of malicious traffic and how to define the metrics that are used when clustering. Finally, we verify the effectiveness of our method through experiments with two released traffic datasets.