A grid-based clustering for low-overhead anomaly intrusion detection

Authors: Yang Zhong, Hirohumi Yamaki, Hiroki Takakura

DOI: 10.1109/ICNSS.2011.6059955

Keywords:

Abstract: To defend a network system from security risks, intrusion detection systems (IDSs) have been playing an important role in recent years. There are two types of IDS algorithms: misuse detection and anomaly detection. Because misuse detection is based on signatures that experts create from the features of attack traffic, it can achieve accurate and stable detection. However, its weaknesses are the difficulty of detecting new attacks (i.e., 0-day attacks) and the cost of maintaining the latest signature set. Considering the increase in skillful intrusions, e.g., attacks that show access behavior similar to normal traffic, anomaly detection cannot handle these critical attacks and results in a large number of false alarms. To cope with these problems, we present a grid-based clustering algorithm for unsupervised anomaly detection. We evaluated our approach using the Kyoto2006+ data set and the KDD Cup 1999 data set. Evaluation results show that our approach achieved a higher detection rate in the region of very low false positive rate, with real-time preprocessing capability.
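The abstract describes a grid-based, unsupervised clustering detector but the page carries no code. The block below is an added example written for this page, not the authors' implementation or any code from the paper: it demonstrates the general technique (min-max scaling, one-pass assignment of each record to a grid cell, flagging records in sparse cells as anomalies, and merging adjacent dense cells into clusters). The feature layout (duration, src_bytes, dst_bytes), the bin count, the density threshold, and every sample value are assumptions chosen for illustration; the records are constructed, not taken from Kyoto2006+ or KDD Cup 1999.

```python
"""Grid-based clustering for unsupervised anomaly detection (added example).

Illustrative code written for this page, not the algorithm from the paper.
Idea: min-max scale numeric connection features, drop each record into a
cell of a fixed grid in a single pass, call cells holding fewer than
`min_density` records sparse, and merge touching dense cells into clusters.
Records in sparse cells are reported as anomalies. Per-record cost is O(d)
for d features plus one hash-map update, which is what keeps the overhead
low enough for live preprocessing.
"""
from collections import defaultdict
from itertools import product

# Constructed sample (assumption): (duration_s, src_bytes, dst_bytes),
# KDD-style numeric features. Values are invented for this example.
SAMPLE = [
    # short web-like sessions
    (0, 220, 1100), (1, 240, 1200), (2, 250, 1300), (3, 260, 1400),
    (4, 280, 1450), (5, 300, 1100), (1, 210, 1050), (2, 230, 1250),
    # the same kind of session with slightly larger responses (adjacent cell)
    (2, 240, 2100), (3, 270, 2200), (1, 250, 2300), (4, 290, 2450),
    # longer mail-like sessions
    (31, 1500, 310), (32, 1600, 350), (33, 1700, 380),
    (34, 1800, 320), (31, 1550, 390), (33, 1650, 330),
    # oddities: long large upload, large download with no request, mid-range blob
    (100, 10000, 0), (0, 0, 10000), (50, 5000, 5000),
]


def normalize(records):
    """Min-max scale every feature into [0, 1] using the batch's own range."""
    dims = len(records[0])
    lo = [min(r[d] for r in records) for d in range(dims)]
    hi = [max(r[d] for r in records) for d in range(dims)]
    scaled = []
    for r in records:
        scaled.append(tuple(
            (r[d] - lo[d]) / (hi[d] - lo[d]) if hi[d] > lo[d] else 0.0
            for d in range(dims)))
    return scaled


def cell_of(point, bins):
    """Map a scaled point to integer grid coordinates; 1.0 lands in the last bin."""
    return tuple(min(int(v * bins), bins - 1) for v in point)


def grid_cluster(records, bins=10, min_density=3):
    """Return (labels, cell_counts).

    labels[i] is the cluster id of record i, or -1 when the record fell into
    a sparse cell (fewer than min_density records), i.e. an anomaly.
    """
    points = normalize(records)
    cells = [cell_of(p, bins) for p in points]

    # One pass: count records per cell.
    counts = defaultdict(int)
    for c in cells:
        counts[c] += 1
    dense = {c for c, n in counts.items() if n >= min_density}

    # Merge dense cells that touch (differ by at most 1 on every axis)
    # into clusters with a depth-first flood fill over the cell graph.
    dims = len(records[0])
    neighbours = [o for o in product((-1, 0, 1), repeat=dims) if any(o)]
    label = {}
    next_id = 0
    for seed in sorted(dense):          # sorted => deterministic ids
        if seed in label:
            continue
        label[seed] = next_id
        stack = [seed]
        while stack:
            cur = stack.pop()
            for off in neighbours:
                nb = tuple(cur[i] + off[i] for i in range(dims))
                if nb in dense and nb not in label:
                    label[nb] = next_id
                    stack.append(nb)
        next_id += 1

    labels = [label.get(c, -1) for c in cells]
    return labels, dict(counts)


def detect_anomalies(records, bins=10, min_density=3):
    """Indices of records that landed in sparse grid cells."""
    labels, _ = grid_cluster(records, bins, min_density)
    return [i for i, lab in enumerate(labels) if lab == -1]


if __name__ == "__main__":
    labels, counts = grid_cluster(SAMPLE)
    for i, (rec, lab) in enumerate(zip(SAMPLE, labels)):
        print(i, rec, "anomaly" if lab == -1 else f"cluster {lab}")
```

On the constructed sample the two web-like cells merge into one cluster, the mail-like cell forms a second, and the three odd records are reported as anomalies. Two practical caveats follow directly from the design: the scaling range and bin width must come from a representative window of traffic (scaling each batch by its own extremes, as above, lets a single extreme record reshape the grid), and an attacker who sends at least `min_density` records with the same feature profile creates a dense cell of their own, which is exactly the "attack that looks like normal access" problem the abstract raises.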

References (12)
A. K. Jain, M. N. Murty, P. J. Flynn. Data clustering: a review. ACM Computing Surveys, vol. 31, pp. 264-323 (1999). DOI: 10.1145/331499.331504
J. Song, K. Ohira, H. Takakura, Y. Okabe, Y. Kwon. A Clustering Method for Improving Performance of Anomaly-Based Intrusion Detection System. IEICE Transactions on Information and Systems, vol. 91, pp. 1282-1291 (2008). DOI: 10.1093/IETISY/E91-D.5.1282
Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Yongjin Kwon. Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM. IEICE Transactions on Communications, vol. 92, pp. 1981-1990 (2009). DOI: 10.1587/TRANSCOM.E92.B.1981
Svante Wold, Kim Esbensen, Paul Geladi. Principal component analysis. Chemometrics and Intelligent Laboratory Systems, vol. 2, pp. 37-52 (1987). DOI: 10.1016/0169-7439(87)80084-9
Jungsuk Song, Hiroki Takakura, Yasuo Okabe. Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes. 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, pp. 31-39 (2008). DOI: 10.1109/WISTDCS.2008.10
Y. Guan, A. A. Ghorbani, N. Belacel. Y-means: a clustering method for intrusion detection. Canadian Conference on Electrical and Computer Engineering, vol. 2, pp. 1083-1086 (2003). DOI: 10.1109/CCECE.2003.1226084
J. B. MacQueen. Some methods for classification and analysis of multivariate observations. Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1: Statistics, vol. 1, pp. 281-297 (1967).
Bernhard Schölkopf, John C. Platt, John Shawe-Taylor, Alex J. Smola, Robert C. Williamson. Estimating the Support of a High-Dimensional Distribution. Neural Computation, vol. 13, pp. 1443-1471 (2001). DOI: 10.1162/089976601750264965
Kun-Lun Li, Hou-Kuan Huang, Sheng-Feng Tian, Wei Xu. Improving one-class SVM for anomaly detection. International Conference on Machine Learning and Cybernetics, vol. 5, pp. 3077-3081 (2003). DOI: 10.1109/ICMLC.2003.1260106