In this paper, we present an effective tree-based subspace clustering technique (TreeCLUS) for finding clusters in network intrusion data and for detecting unknown attacks without using any labelled traffic, signatures, or training. To establish its effectiveness in finding all possible clusters, we perform a cluster stability analysis. We also introduce an effective cluster labelling technique (CLUSLab) to generate a labelled dataset based on the stable cluster set generated by TreeCLUS. CLUSLab is a multi-objective technique that exploits an ensemble approach for stability analysis of the clusters generated by TreeCLUS. We evaluate the performance of both TreeCLUS and CLUSLab on several real-world intrusion datasets to identify unknown attacks and find that both outperform the competing algorithms.