An effective unsupervised network anomaly detection method

Authors:
Monowar H. Bhuyan;D. K. Bhattacharyya;J. K. Kalita
Affiliations:
Tezpur University Tezpur, Assam;Tezpur University Tezpur, Assam, India;University of Colorado at Colorado Springs CO
Venue:
Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Year:
2012

Citing 19
Cited 0

Silhouettes: a graphical aid to the interpretation and validation of cluster analysis

Journal of Computational and Applied Mathematics
A Validity Measure for Fuzzy Clustering

IEEE Transactions on Pattern Analysis and Machine Intelligence
On Clustering Validation Techniques

Journal of Intelligent Information Systems
Stability-based validation of clustering solutions

Neural Computation
Unsupervised anomaly detection in network intrusion detection using clusters

ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
A clustering-based method for unsupervised intrusion detections

Pattern Recognition Letters
An overview of anomaly detection techniques: Existing solutions and latest technological trends

Computer Networks: The International Journal of Computer and Telecommunications Networking
A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers

Computer Communications
Anomaly detection: A survey

ACM Computing Surveys (CSUR)
A triangle area based nearest neighbors approach to intrusion detection

Pattern Recognition
Critical Study of Supervised Learning Techniques in Predicting Attacks

Information Security Journal: A Global Perspective
A novel intrusion detection system based on hierarchical clustering and support vector machines

Expert Systems with Applications: An International Journal
Toward credible evaluation of anomaly-based intrusion-detection methods

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Using clustering to improve the KNN-based classifiers for online anomaly network traffic identification

Journal of Network and Computer Applications
NADO: network anomaly detection using outlier approach

Proceedings of the 2011 International Conference on Communication, Computing & Security
Mutual information-based feature selection for intrusion detection systems

Journal of Network and Computer Applications
A Cluster Separation Measure

IEEE Transactions on Pattern Analysis and Machine Intelligence
A sober look at clustering stability

COLT'06 Proceedings of the 19th annual conference on Learning Theory
Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge

Computer Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present an effective tree based subspace clustering technique (TreeCLUS) for finding clusters in network intrusion data and for detecting unknown attacks without using any labelled traffic or signatures or training. To establish its effectiveness in finding all possible clusters, we perform a cluster stability analysis. We also introduce an effective cluster labelling technique (CLUSLab) to generate labelled dataset based on the stable cluster set generated by TreeCLUS. CLUSLab is a multi-objective technique that exploits an ensemble approach for stability analysis of the clusters generated by TreeCLUS. We evaluate the performance of both TreeCLUS and CLUSLab in terms of several real world intrusion datasets to identify unknown attacks and find that both outperform the competing algorithms.