CANN: An intrusion detection system based on combining cluster centers and nearest neighbors

Authors: Wei-Chao Lin, Shih-Wen Ke, Chih-Fong Tsai

DOI: 10.1016/J.KNOSYS.2015.01.009

Abstract: The aim of an intrusion detection system (IDS) is to detect various types of malicious network traffic and computer usage, which cannot be detected by a conventional firewall. Many IDS have been developed based on machine learning techniques. Specifically, advanced approaches created by combining or integrating multiple techniques have shown better performance than general single techniques. The feature representation method is an important pattern classifier that facilitates correct classifications; however, there are very few related studies focusing on how to extract more representative features for normal connections and effective detection of attacks. This paper proposes a novel approach, namely the cluster center and nearest neighbor (CANN) approach. In this approach, two distances are measured and summed: the first is the distance between each data sample and its cluster center, and the second is the distance between the data sample and its nearest neighbor in the same cluster. Then, this new one-dimensional distance-based feature is used to represent each data sample for intrusion detection by a k-Nearest Neighbor (k-NN) classifier. The experimental results on the KDD-Cup 99 dataset show that CANN not only performs similarly to k-NN and support vector machines trained and tested on the original feature representation in terms of classification accuracy, detection rates, and false alarms, but also provides high computational efficiency for the time of classifier training and testing (i.e., detection).
