An Unsupervised Anomaly Intrusion Detection for the Mixed Attributes

Journal of Nanjing Normal University (Engineering and Technology Edition) [ISSN:1006-6977/CN:61-1281/TN]

Issue:
2008, Issue 02
Page:
68-73
Research Field:
Publishing date:

Info

Title:
An Unsupervised Anomaly Intrusion Detection for the Mixed Attributes
Author(s):
Zheng Miaomiao, Ji Genlin
School of Mathematics and Computer Science, Nanjing Normal University, Nanjing 210097, China
Keywords:
intrusion detection; clustering; mixed attributes
PACS:
TP393.08
DOI:
-
Abstract:
The current intrusion detection techniques can not analyze the attributes composed by categorical and suffer higher false detection rate. In this paper, an effective anomaly detection algorithm based on clustering is proposed to deal with mixed attributes. This algorithm, which gets cluster models by using the clustering algorithm on unlabeled training data, defines the distance between each pair of values in one categorical attribute, can deal with both the numerical and categorical attribute efficiently. Theoretical analysis shows that it holds not only the essence between different values in one categorical attribute, but also the original dimensions of the dataset. At last, experiments on the KDD-CUP-99 data records of network connections show that our method can detect intrusions more efficiently while maintaining a low false positive rate.

Last Update: 2013-04-24