A Robust Feature Normalization Scheme and an Optimized Clustering Method for Anomaly-Based Intrusion Detection System
作者: Jungsuk Song , Hiroki Takakura , Yasuo Okabe , Yongjin Kwon
DOI: 10.1007/978-3-540-71703-4_14
关键词: Cluster analysis 、 Labeled data 、 Computer science 、 Intrusion detection system 、 The Internet 、 Normalization (statistics) 、 Data mining 、 Training set 、 Anomaly-based intrusion detection system
摘要: Intrusion detection system(IDS) has played a central role as an appliance to effectively defend our crucial computer systems or networks against attackers on the Internet. Traditional IDSs employ signature-based methods anomaly-based which rely labeled training data. However, they have several problems, for example, it consumes huge amounts of cost and time acquire data, often experienced difficulty in detecting new types attack. In order cope with many researchers proposed various kinds algorithms years. Although do not require data capability detect unforeseen attacks, are based assumption that ratio attack normal is extremely small. may be satisfied realistic situation because some most notably denial-of-service consist large number simultaneous connections. Consequently if fails, performance algorithm will deteriorate. this paper, we present normalization clustering method can overcome limitation We evaluated using KDD Cup 1999 set. Evaluation results show approach constant irrespective increase ratio.
springer.com
springerlink.com参考文章(16)
Geoffrey H. Ball, David J. Hall, ISODATA, A NOVEL METHOD OF DATA ANALYSIS AND PATTERN CLASSIFICATION Stanford Research Institute. ,(1965)
Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, Sal Stolfo, A Geometric Framework for Unsupervised Anomaly Detection Applications of Data Mining in Computer Security. pp. 77- 101 ,(2002) , 10.1007/978-1-4615-0953-0_4
Christopher Leckie, Kingsly Leung, Unsupervised anomaly detection in network intrusion detection using clusters ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38. ,vol. 38, pp. 333- 342 ,(2005)
E Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, Sal Stolfo, A GEOMETRIC FRAMEWORK FOR UNSUPERVISED ANOMALY DETECTION: DETECTING INTRUSIONS IN UNLABELED DATA APPLICATIONS OF DATA MINING IN COMPUTER SECURITY. pp. 0- 0 ,(2002) , 10.7916/D8D50TQT
R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham, M.A. Zissman, Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation darpa information survivability conference and exposition. ,vol. 2, pp. 12- 26 ,(2000) , 10.1109/DISCEX.2000.821506
Richard C. Dubes, Anil K. Jain, Algorithms for clustering data ,(1988)
Lance Parsons, Ehtesham Haque, Huan Liu, Subspace clustering for high dimensional data ACM SIGKDD Explorations Newsletter. ,vol. 6, pp. 90- 105 ,(2004) , 10.1145/1007730.1007731
Y. Guan, A.A. Ghorbani, N. Belacel, Y-means: a clustering method for intrusion detection canadian conference on electrical and computer engineering. ,vol. 2, pp. 1083- 1086 ,(2003) , 10.1109/CCECE.2003.1226084
J. B. Macqueen, Some methods for classification and analysis of multivariate observations Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1: Statistics. ,vol. 1, pp. 281- 297 ,(1967)
C. Warrender, S. Forrest, B. Pearlmutter, Detecting intrusions using system calls: alternative data models ieee symposium on security and privacy. pp. 133- 145 ,(1999) , 10.1109/SECPRI.1999.766910