TY - GEN
T1 - Anomaly detection by clustering in the network
AU - Guo, Feng
AU - Yang, Yingzhen
AU - Duan, Lian
PY - 2009
Y1 - 2009
N2 - Intrusions pose a serious security threat to the network environment, so it is necessary to detect and cope with them. Many intrusion detection methods focus on signature detection, where models are built to recognize known attacks. However, signature detection, limited by its nature, cannot detect novel attacks. New intrusion types, of which detection systems may not even be aware, are difficult to detect. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this paper we present a clustering algorithm to identify outliers. It performs clustering on feature vectors collected from the network and can automatically detect new types of intrusions without the need for manual classification of training data. Experimental results show that our system achieves a satisfactory intrusion detection rate while keeping the false positive rate reasonably low.
AB - Intrusions pose a serious security threat to the network environment, so it is necessary to detect and cope with them. Many intrusion detection methods focus on signature detection, where models are built to recognize known attacks. However, signature detection, limited by its nature, cannot detect novel attacks. New intrusion types, of which detection systems may not even be aware, are difficult to detect. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this paper we present a clustering algorithm to identify outliers. It performs clustering on feature vectors collected from the network and can automatically detect new types of intrusions without the need for manual classification of training data. Experimental results show that our system achieves a satisfactory intrusion detection rate while keeping the false positive rate reasonably low.
KW - Anomaly detection
KW - Clustering
KW - Detection rate
KW - False positive rate
KW - Feature vectors
UR - http://www.scopus.com/inward/record.url?scp=77949701174&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77949701174&partnerID=8YFLogxK
U2 - 10.1109/CISE.2009.5363695
DO - 10.1109/CISE.2009.5363695
M3 - Conference contribution
AN - SCOPUS:77949701174
SN - 9781424445073
T3 - Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009
BT - Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009
T2 - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009
Y2 - 11 December 2009 through 13 December 2009
ER -