Using clustering to improve the KNN-based classifiers for online anomaly network traffic identification

Authors:
Ming-Yang Su
Affiliations:
Department of Computer Science and Information Engineering, Ming Chuan University, 5 Teh Ming Road, Gwei Shan District, Taoyuan 333, Taiwan, R.O.C.
Venue:
Journal of Network and Computer Applications
Year:
2011

Citing 9
Cited 6

Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control and Artificial Intelligence

Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control and Artificial Intelligence
Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks

SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Unsupervised Clustering Method with Optimal Estimation of the Number of Clusters: Application to Image Segmentation

ICPR '00 Proceedings of the International Conference on Pattern Recognition - Volume 1
Protocol Analysis in Intrusion Detection Using Decision Tree

ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Network Intrusion Detection Through Genetic Feature Selection

SNPD-SAWN '06 Proceedings of the Seventh ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing
Decision tree classifier for network intrusion detection with GA-based feature selection

Proceedings of the 43rd annual Southeast regional conference - Volume 2
Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection

Pattern Recognition
A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers

Computer Communications
Bayesian Neural Networks for Internet Traffic Classification

IEEE Transactions on Neural Networks

An effective unsupervised network anomaly detection method

Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Automatic network intrusion detection: Current techniques and open issues

Computers and Electrical Engineering
Policy-enhanced ANFIS model to counter SOAP-related attacks

Knowledge-Based Systems
A structural approach for modelling the hierarchical dynamic process of Web workload in a large-scale campus network

Journal of Network and Computer Applications
Discovering fuzzy association rule patterns and increasing sensitivity analysis of XML-related attacks

Journal of Network and Computer Applications
Data summarization for network traffic monitoring

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a method to identify flooding attacks in real-time, based on anomaly detection by genetic weighted KNN (K-nearest-neighbor) classifiers. A genetic algorithm is used to train an optimal weight vector for features; meanwhile, an unsupervised clustering algorithm is applied to reduce the number of instances in the sampling dataset, in order to shorten training and execution time, as well as to promote the system's overall accuracy. More precisely, instances in the sampling dataset are replaced by less, but more significant, centroids of clusters. According to the proposed method, a system is implemented and evaluated by numerous Denial-of-Service (DoS) attacks. With an embedded weighted KNN classifier, the proposed system could identify a DoS attack from network traffic within a very short time; moreover, the experimental results show that the proposed system could achieve 95.8654% in overall accuracy in the case of 2-fold cross-validation, and 96.25% in overall accuracy for all known attack evaluations. That is, the proposed system possesses both effectiveness and efficiency. Effectiveness is measured by overall accuracy, including detection rate and false alarm rate, and efficiency is measured by the response time during an attack.