A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System

Authors: J. Song, K. Ohira, H. Takakura, Y. Okabe, Y. Kwon

DOI: 10.1093/IETISY/E91-D.5.1282

Keywords: Intrusion detection system, Data set, Artificial intelligence, Computer science, False positive rate, Signature (logic), Unsupervised learning, The Internet, Intrusion prevention system, Cluster analysis, Data mining, Anomaly-based intrusion detection system

Abstract: The intrusion detection system (IDS) has played a central role as an appliance for effectively defending our crucial computer systems and networks against attackers on the Internet. The most widely deployed and commercially available methods for intrusion detection employ signature-based detection. However, they intrinsically cannot detect unknown intrusions that do not match any signature, and they consume huge amounts of cost and time to acquire signatures. In order to cope with these problems, many researchers have proposed various kinds of IDSs based on unsupervised learning techniques. Although these enable one to construct a detection model with low effort and give the capability to detect unforeseen attacks, there are still mainly two problems in anomaly detection: a low detection rate and a high false positive rate. In this paper, we present a new clustering method to improve the detection rate while maintaining a low false positive rate. We evaluated it using the KDD Cup 1999 data set. Evaluation results show the superiority of our approach over other existing algorithms reported in the literature.

References (15)
Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Yongjin Kwon. A Robust Feature Normalization Scheme and an Optimized Clustering Method for Anomaly-Based Intrusion Detection System. Advances in Databases: Concepts, Systems and Applications, pp. 140-151 (2007). DOI: 10.1007/978-3-540-71703-4_14
Reza Sadoddin, Ali A. Ghorbani. A Comparative Study of Unsupervised Machine Learning and Data Mining Techniques for Intrusion Detection. Machine Learning and Data Mining in Pattern Recognition, pp. 404-418 (2007). DOI: 10.1007/978-3-540-73499-4_31
Christopher Leckie, Kingsly Leung. Unsupervised anomaly detection in network intrusion detection using clusters. ACSC '05: Proceedings of the Twenty-eighth Australasian Conference on Computer Science, vol. 38, pp. 333-342 (2005).
E. Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, Sal Stolfo. A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. Applications of Data Mining in Computer Security (2002). DOI: 10.7916/D8D50TQT
Joshua Oldmeadow, Siddarth Ravinutala, Christopher Leckie. Adaptive Clustering for Network Intrusion Detection. Advances in Knowledge Discovery and Data Mining, pp. 255-259 (2004). DOI: 10.1007/978-3-540-24775-3_33
R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham, M.A. Zissman. Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. DARPA Information Survivability Conference and Exposition, vol. 2, pp. 12-26 (2000). DOI: 10.1109/DISCEX.2000.821506
Lance Parsons, Ehtesham Haque, Huan Liu. Subspace clustering for high dimensional data. ACM SIGKDD Explorations Newsletter, vol. 6, pp. 90-105 (2004). DOI: 10.1145/1007730.1007731
Y. Guan, A.A. Ghorbani, N. Belacel. Y-means: a clustering method for intrusion detection. Canadian Conference on Electrical and Computer Engineering, vol. 2, pp. 1083-1086 (2003). DOI: 10.1109/CCECE.2003.1226084
J. B. MacQueen. Some methods for classification and analysis of multivariate observations. Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1: Statistics, vol. 1, pp. 281-297 (1967).
C. Warrender, S. Forrest, B. Pearlmutter. Detecting intrusions using system calls: alternative data models. IEEE Symposium on Security and Privacy, pp. 133-145 (1999). DOI: 10.1109/SECPRI.1999.766910