A new intrusion detection system using support vector machines and hierarchical clustering

Authors: Latifur Khan, Mamoun Awad, Bhavani Thuraisingham

DOI: 10.1007/S00778-006-0002-5

Keywords:

Abstract: Whenever an intrusion occurs, the security and value of a computer system is compromised. Network-based attacks make it difficult for legitimate users to access various network services by purposely occupying or sabotaging network resources and services. This can be done by sending large amounts of network traffic, exploiting well-known faults in networking services, and overloading network hosts. Intrusion detection attempts to detect computer attacks by examining various data records observed in processes on the network, and it is split into two groups: anomaly detection systems and misuse detection systems. Anomaly detection attempts to search for malicious behavior that deviates from established normal patterns. Misuse detection is used to identify intrusions that match known attack scenarios. Our interest here is in anomaly detection, and our proposed method is a scalable solution for detecting network-based anomalies. We use Support Vector Machines (SVM) for classification. The SVM is one of the most successful classification algorithms in the data mining area, but its long training time limits its use. This paper presents a study for reducing the training time of SVM, specifically when dealing with large data sets, using hierarchical clustering analysis. We use the Dynamically Growing Self-Organizing Tree (DGSOT) algorithm for clustering because it has proved to overcome the drawbacks of traditional hierarchical clustering algorithms (e.g., hierarchical agglomerative clustering). Clustering analysis helps find the boundary points between two classes, which are the most qualified data points for training the SVM. We present a new approach combining SVM and DGSOT, which starts with an initial training set and expands it gradually using the clustering structure produced by the DGSOT algorithm. We compare our approach with the Rocchio Bundling technique and random selection in terms of accuracy loss and training time gain using a single benchmark real data set. We show that our proposed variations contribute significantly to improving the training process of SVM with high generalization accuracy and outperform the Rocchio Bundling technique.
