Mining association rules between sets of items in large databases
SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
Results of the KDD'99 classifier learning
ACM SIGKDD Explorations Newsletter
Winning the KDD99 classification cup: bagged boosting
ACM SIGKDD Explorations Newsletter
KDD-99 classifier learning contest LLSoft's results overview
ACM SIGKDD Explorations Newsletter
Parzen-Window Network Intrusion Detectors
ICPR '02 Proceedings of the 16 th International Conference on Pattern Recognition (ICPR'02) Volume 4 - Volume 4
Anomaly Detection Using Real-Valued Negative Selection
Genetic Programming and Evolvable Machines
Universal clustering with family of power loss functions in probabilistic space
IDEAL'05 Proceedings of the 6th international conference on Intelligent Data Engineering and Automated Learning
Stock fraud detection using peer group analysis
Expert Systems with Applications: An International Journal
Hi-index | 0.03 |
Signature-based intrusion detection systems look for known, suspicious patterns in the input data. In this paper we explore compression of labeled empirical data using threshold-based clustering with regularization. The main target of clustering is to compress training dataset to the limited number of signatures, and to minimize the number of comparisons that are necessary to determine the status of the input event as a result. Essentially, the process of clustering includes merging of the clusters which are close enough. As a consequence, we will reduce original dataset to the limited number of labeled centroids. In a complex with k-nearest-neighbor (kNN) method, this set of centroids may be used as a multi-class classifier. The experiments on the KDD-99 intrusion detection dataset have confirmed effectiveness of the above procedure.