Anomaly detection by clustering in the network

Feng Guo; Yingzhen Yang; Lian Duan

doi:10.1109/CISE.2009.5363695

Anomaly detection by clustering in the network

Feng Guo, Yingzhen Yang, Lian Duan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

Intrusions impose serious security threat to network environment, so it is necessary to detect and cope with them. Many intrusion detection methods focus on signature detection, where models are built to recognize known attacks. However, signature detection, limited by its nature, cannot detect novel attacks. New intrusion types, of which detection systems may not even be aware, are difficult to detect. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this paper we present a clustering algorithm to identify outliers. It performs clustering on feature vectors collected from the network and can automatically detect new types of intrusions without need of manual classification of training data. Experimental results show that our system achieves a satisfactory intrusions detection rate while keeping the false positive rate reasonably low.

Original language	English (US)
Title of host publication	Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009
DOIs	https://doi.org/10.1109/CISE.2009.5363695
State	Published - 2009
Externally published	Yes
Event	2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009 - Wuhan, China Duration: Dec 11 2009 → Dec 13 2009

Publication series

Name	Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009

Conference

Conference	2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009
Country/Territory	China
City	Wuhan
Period	12/11/09 → 12/13/09

Keywords

Anomaly detection
Clustering
Detection rate
False positive rate
Feature vectors

ASJC Scopus subject areas

Artificial Intelligence
Computational Theory and Mathematics
Software

Access to Document

10.1109/CISE.2009.5363695

Cite this

Anomaly detection by clustering in the network. / Guo, Feng; Yang, Yingzhen; Duan, Lian.
Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009. 2009. 5363695 (Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Guo, F, Yang, Y & Duan, L 2009, Anomaly detection by clustering in the network. in Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009., 5363695, Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009, 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009, Wuhan, China, 12/11/09. https://doi.org/10.1109/CISE.2009.5363695

@inproceedings{32a5f3733e0044429fd5708e13b7dfa7,

title = "Anomaly detection by clustering in the network",

abstract = "Intrusions impose serious security threat to network environment, so it is necessary to detect and cope with them. Many intrusion detection methods focus on signature detection, where models are built to recognize known attacks. However, signature detection, limited by its nature, cannot detect novel attacks. New intrusion types, of which detection systems may not even be aware, are difficult to detect. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this paper we present a clustering algorithm to identify outliers. It performs clustering on feature vectors collected from the network and can automatically detect new types of intrusions without need of manual classification of training data. Experimental results show that our system achieves a satisfactory intrusions detection rate while keeping the false positive rate reasonably low.",

keywords = "Anomaly detection, Clustering, Detection rate, False positive rate, Feature vectors",

author = "Feng Guo and Yingzhen Yang and Lian Duan",

year = "2009",

doi = "10.1109/CISE.2009.5363695",

language = "English (US)",

isbn = "9781424445073",

series = "Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009",

booktitle = "Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009",

note = "2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009 ; Conference date: 11-12-2009 Through 13-12-2009",

}

TY - GEN

T1 - Anomaly detection by clustering in the network

AU - Guo, Feng

AU - Yang, Yingzhen

AU - Duan, Lian

PY - 2009

Y1 - 2009

N2 - Intrusions impose serious security threat to network environment, so it is necessary to detect and cope with them. Many intrusion detection methods focus on signature detection, where models are built to recognize known attacks. However, signature detection, limited by its nature, cannot detect novel attacks. New intrusion types, of which detection systems may not even be aware, are difficult to detect. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this paper we present a clustering algorithm to identify outliers. It performs clustering on feature vectors collected from the network and can automatically detect new types of intrusions without need of manual classification of training data. Experimental results show that our system achieves a satisfactory intrusions detection rate while keeping the false positive rate reasonably low.

AB - Intrusions impose serious security threat to network environment, so it is necessary to detect and cope with them. Many intrusion detection methods focus on signature detection, where models are built to recognize known attacks. However, signature detection, limited by its nature, cannot detect novel attacks. New intrusion types, of which detection systems may not even be aware, are difficult to detect. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this paper we present a clustering algorithm to identify outliers. It performs clustering on feature vectors collected from the network and can automatically detect new types of intrusions without need of manual classification of training data. Experimental results show that our system achieves a satisfactory intrusions detection rate while keeping the false positive rate reasonably low.

KW - Anomaly detection

KW - Clustering

KW - Detection rate

KW - False positive rate

KW - Feature vectors

UR - http://www.scopus.com/inward/record.url?scp=77949701174&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77949701174&partnerID=8YFLogxK

U2 - 10.1109/CISE.2009.5363695

DO - 10.1109/CISE.2009.5363695

M3 - Conference contribution

AN - SCOPUS:77949701174

SN - 9781424445073

T3 - Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009

BT - Proceedings - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009

T2 - 2009 International Conference on Computational Intelligence and Software Engineering, CiSE 2009

Y2 - 11 December 2009 through 13 December 2009

ER -

Anomaly detection by clustering in the network

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this