Anomaly detection by clustering in the network

Feng Guo, Yingzhen Yang, Lian Duan

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

5 Scopus citations

Abstract

Intrusions pose a serious security threat to network environments, so it is necessary to detect and respond to them. Many intrusion detection methods focus on signature detection, where models are built to recognize known attacks. However, signature detection, limited by its nature, cannot detect novel attacks. New intrusion types, of which detection systems may not even be aware, are difficult to detect. Anomaly detection instead models normal behavior and identifies significant deviations from it, which could be novel attacks. In this paper we present a clustering algorithm to identify outliers. It performs clustering on feature vectors collected from the network and can automatically detect new types of intrusions without requiring manual classification of training data. Experimental results show that our system achieves a satisfactory intrusion detection rate while keeping the false positive rate reasonably low.

Original language: English (US)
Title of host publication: Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009
DOIs
State: Published - 2009
Externally published: Yes
Event: 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009 - Wuhan, China
Duration: Dec 11 2009 to Dec 13 2009

Publication series

Name: Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009

Conference

Conference: 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009
Country: China
City: Wuhan
Period: 12/11/09 to 12/13/09

Keywords

  • Anomaly detection
  • Clustering
  • Detection rate
  • False positive rate
  • Feature vectors

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computational Theory and Mathematics
  • Software
