Network Anomalous Attack Detection Based on Clustering and Classifier

  • Authors:
  • Hongyu Yang; Feng Xie; Yi Lu

  • Affiliations:
  • Information Technology Research Base, Civil Aviation University of China, Tianjin 300300, China and Tianjin Key Lab for Advanced Signal Processing, Civil Aviation University of China, Tianjin 3003 ...; Software Division, Inst. of Computing Tech., Chinese Academy of Science, Beijing 100080, China; Security and Cryptography Laboratory, Swiss Federal Institute of Technology (EPFL), CH-1015 Lausanne, Switzerland

  • Venue:
  • Computational Intelligence and Security
  • Year:
  • 2007

Abstract

A new approach to detecting anomalous behaviors in network traffic is presented. The network connection records were mapped into different feature spaces according to their protocols and services. Clustering was then performed to group the training data points into clusters, from which some clusters were selected as the normal and known-attack profile. The training data excluded from the profile were used to build a specific classifier. The classifier has two distinct characteristics: one is that it regards each data point in the feature space as having a limited influence scope, which serves as the decisive bounds of the classifier, and the other is that it has a "default" label to recognize novel attacks. The new method was tested on the KDD Cup 1999 data. Experimental results show that it is superior to other data-mining-based approaches in detection performance, especially in the detection of PROBE and U2R attacks.