A semi-supervised clustering algorithm for network intrusion detection

Cited by: 0
Authors
Wei X.-T. [1]
Huang H.-K. [2]
Tian S.-F. [2]
Affiliations
[1] School of Software, Beijing Jiaotong University
[2] School of Computer and Information Technology, Beijing Jiaotong University
Keywords
Grid-based clustering; Network anomaly detection; Semi-supervised clustering;
DOI
10.3969/j.issn.1001-8360.2010.01.009
Abstract
Intrusion detection is one of the most important techniques in the domain of network security. This paper proposes a novel clustering algorithm, named k-cubes, for network anomaly detection. The network connection data are preprocessed with a grid-based algorithm. Then the grid cells are clustered with the proposed method. The number of clusters is decided automatically by dynamically merging and splitting clusters. A semi-supervised version of k-cubes is also presented. Detection rules are produced according to the clustering result. This method is suitable for processing large amounts of high-dimensional data with many symbolic attribute values. It also limits the number of input parameters. Experimental results on the KDD99 intrusion detection datasets show that our algorithm achieves a detection rate of 95.82% with a false positive rate of 1.25%, and it detects 15 out of 17 new types of intrusion.
Pages: 49-53
Page count: 4
Related papers
12 entries in total
  • [1] Lee W., Stolfo S.J., Mok K.W., et al., Adaptive intrusion detection: A data mining approach, Artificial Intelligence Review, 14, 6, pp. 533-567, (2000)
  • [2] Brugger S.T., Data mining methods for network intrusion detection, (2004)
  • [3] Portnoy L., Intrusion detection with unlabeled data using clustering, (2000)
  • [4] Wang W., Yang J., Muntz R., STING: A statistical information grid approach to Spatial Data Mining, Proceedings of 23rd International Conference on Very Large Data Bases, pp. 186-195, (1997)
  • [5] Guan Y., Ghorbani A., Belacel N., Y-means: A clustering method for intrusion detection, Proceedings of Canadian Conference on Electrical and Computer Engineering, pp. 1-4, (2003)
  • [6] Guha S., Rastogi R., Shim K., ROCK: A robust clustering algorithm for categorical attributes, Information Systems, 25, 5, pp. 345-366, (2000)
  • [7] Zhexue H., Extensions to the k-means algorithm for clustering large data sets with categorical values, Data Mining and Knowledge Discovery, 2, pp. 283-304, (1998)
  • [8] KDD cup 1999 data, (1999)
  • [9] Liu Y.-H., Tian D.-X., Yu X.-G., Wang J., Large-scale network intrusion detection algorithm based on distributed learning, Journal of Software, 19, 4, pp. 993-1003, (2008)
  • [10] Wang Q., Megalooikonomou V., A clustering algorithm for intrusion detection, Proceedings of Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security, pp. 31-38, (2005)