Intrusion detection has become an important part of assuring the computer security. It borrows various algorithms from statistics, machine learning, etc. We introduce in this paper a supervised clustering and classification algorithm (CCAS) and its application in learning patterns of normal and intrusive activities and detecting suspicious activity records. This algorithm utilizes a heuristic in grid-based clustering. Several post-processing techniques including data redistribution, supervised grouping of clusters, and removal of outliers, are used to enhance the scalability and robustness. This algorithm is applied to a large set of computer audit data for intrusion detection. We describe the analysis method in using this data set. The results show that CCAS makes significant improvement in performance with regard to detection ability and robustness.
|Original language||English (US)|
|Number of pages||13|
|Journal||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|State||Published - Dec 1 2004|
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)