Optimizing network anomaly detection scheme using instance selection mechanism

Authors:
Yang Li;Tian-Bo Lu;Li Guo;Zhi-Hong Tian;Lin Qi
Affiliations:
Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China and China Mobile Research Institute, Beijing, China;Beijing University of Posts and Telecommunications, Beijing, China;Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China;Harbin Institute of Technology, Harbin, China;University of Maryland, College Park, MD
Venue:
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Year:
2009

Citing 12
Cited 2

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
An introduction to Kolmogorov complexity and its applications (2nd ed.)

An introduction to Kolmogorov complexity and its applications (2nd ed.)
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Prediction algorithms and confidence measures based on algorithmic randomness theory

Theoretical Computer Science - Natural computing
Transductive Confidence Machines for Pattern Recognition

ECML '02 Proceedings of the 13th European Conference on Machine Learning
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Detecting outliers using transduction and statistical testing

Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
Network anomaly detection based on TCM-KNN algorithm

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A lightweight web server anomaly detection method based on transductive scheme and genetic algorithms

Computer Communications
On cluster validity for the fuzzy c-means model

IEEE Transactions on Fuzzy Systems

Abstracting audit data for lightweight intrusion detection

ICISS'10 Proceedings of the 6th international conference on Information systems security
IDS false alarm reduction using an instance selection KNN-memetic algorithm

International Journal of Metaheuristics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network anomaly detection is a classically difficult research topic in intrusion detection. However, existing research has been solely focused on the detection algorithm. An important issue that has not been well studied so far is the selection of normal training data for network anomaly detection algorithm, which is highly related to the detection performance and computational complexity. Based on our previous proposed TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) anomaly detection method, which can detect anomalies with high detection rate and low false positive rate, we develop an instance selection mechanism for TCM-KNN based on EFCM (Extended Fuzzy C-Means) clustering algorithm in this paper, aiming at limiting the size of training dataset, thus reducing the computational cost of TCM-KNN and boosting its detection performance. We report the experimental results over real network traffic. The results demonstrate the instance selection method presented in this paper is effective for TCM-KNN and thus optimizing it as an effectively lightweight network anomaly detection scheme.