The application of data mining techniques in intrusion detection has received a lot of attention lately. Most of the approaches require a training phase based on the availability of labelled data, where the labels indicate whether the points correspond to normal events or attacks. Unfortunately, this labelled data is not readily available in practice. In this paper we present a novel method based on intersecting segments of unlabelled data and using the intersection as the base data for unsupervised learning (clustering). The clustering algorithm, along with a method to find outliers with respect to the base clusters, forms the basis for separation of unlabelled data into groups of points that are normal (attack-free) and points that correspond to attacks. We show that the technique is very successful in separating points of the data sets of the DARPA, Lincoln Labs evaluation of 1999.