A novel intrusion detection system based on hierarchical clustering and support vector machines

Authors:
Shi-Jinn Horng;Ming-Yang Su;Yuan-Hsin Chen;Tzong-Wann Kao;Rong-Jian Chen;Jui-Lin Lai;Citra Dwi Perkasa
Affiliations:
Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, 43, Sec/4. Kee-Lung Road, 106 Taipei, Taiwan and Department of Electronic Engineer ...;Department of Computer Science and Information Engineering, Ming Chuan University, Taoyuan, Taiwan;Department of Electronic Engineering, National United University, Miaoli, Taiwan;Department of Electronic Engineering, Northern Taiwan Institute of Science and Technology, Taipei, Taiwan;Department of Electronic Engineering, National United University, Miaoli, Taiwan;Department of Electronic Engineering, National United University, Miaoli, Taiwan;Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, 43, Sec/4. Kee-Lung Road, 106 Taipei, Taiwan
Venue:
Expert Systems with Applications: An International Journal
Year:
2011

Citing 15
Cited 7

The nature of statistical learning theory

The nature of statistical learning theory
BIRCH: an efficient data clustering method for very large databases

SIGMOD '96 Proceedings of the 1996 ACM SIGMOD international conference on Management of data
CURE: an efficient clustering algorithm for large databases

SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
Chameleon: Hierarchical Clustering Using Dynamic Modeling

Computer
Winning the KDD99 classification cup: bagged boosting

ACM SIGKDD Explorations Newsletter
KDD-99 classifier learning contest LLSoft's results overview

ACM SIGKDD Explorations Newsletter
ROCK: A Robust Clustering Algorithm for Categorical Attributes

ICDE '99 Proceedings of the 15th International Conference on Data Engineering
A Stateful Intrusion Detection System for World-Wide Web Servers

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Classifying large data sets using SVMs with hierarchical clusters

Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
Anomaly Detection Based Intrusion Detection

ITNG '06 Proceedings of the Third International Conference on Information Technology: New Generations
Modeling Intrusion Detection System by Discovering Association Rule in Rough Set Theory Framework

CIMCA '06 Proceedings of the International Conference on Computational Inteligence for Modelling Control and Automation and International Conference on Intelligent Agents Web Technologies and International Commerce
Anomaly-Based Intrusion Detection using Fuzzy Rough Clustering

ICHIT '06 Proceedings of the 2006 International Conference on Hybrid Information Technology - Volume 01
A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers

Computer Communications
A new intrusion detection system using support vector machines and hierarchical clustering

The VLDB Journal — The International Journal on Very Large Data Bases
An Automatically Tuning Intrusion Detection System

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Seismic assessment of school buildings in Taiwan using the evolutionary support vector machine inference system

Expert Systems with Applications: An International Journal
An effective unsupervised network anomaly detection method

Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Review: Intrusion detection system: A comprehensive review

Journal of Network and Computer Applications
Minimal complexity attack classification intrusion detection system

Applied Soft Computing
Data Field for Hierarchical Clustering

International Journal of Data Warehousing and Mining
D0M-WLAN: a traffic analysis based approach for detecting malicious activities on wireless networks

Proceedings of the 6th International Conference on Security of Information and Networks
Multi-character cost-effective and high throughput architecture for content scanning

Microprocessors & Microsystems

Quantified Score

Hi-index	12.05

Visualization

Abstract

This study proposed an SVM-based intrusion detection system, which combines a hierarchical clustering algorithm, a simple feature selection procedure, and the SVM technique. The hierarchical clustering algorithm provided the SVM with fewer, abstracted, and higher-qualified training instances that are derived from the KDD Cup 1999 training set. It was able to greatly shorten the training time, but also improve the performance of resultant SVM. The simple feature selection procedure was applied to eliminate unimportant features from the training set so the obtained SVM model could classify the network traffic data more accurately. The famous KDD Cup 1999 dataset was used to evaluate the proposed system. Compared with other intrusion detection systems that are based on the same dataset, this system showed better performance in the detection of DoS and Probe attacks, and the beset performance in overall accuracy.