Unsupervised learning techniques for an intrusion detection system

Authors:
Stefano Zanero;Sergio M. Savaresi
Affiliations:
Politecnico di Milano, Milan, Italy;Politecnico di Milano, Milan, Italy
Venue:
Proceedings of the 2004 ACM symposium on Applied computing
Year:
2004

Citing 14
Cited 31

Self-organizing maps

Self-organizing maps
Mining in a data-flow environment: experience in network intrusion detection

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
Data clustering: a review

ACM Computing Surveys (CSUR)
Intrusion detection systems and multisensor data fusion

Communications of the ACM
On-line unsupervised outlier detection using finite mixtures with discounting learning algorithms

Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining
Data mining: concepts and techniques

Data mining: concepts and techniques
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Clustering Algorithms

Clustering Algorithms
An Eye on Network Intruder-Administrator Shootouts

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Parzen-Window Network Intrusion Detectors

ICPR '02 Proceedings of the 16 th International Conference on Pattern Recognition (ICPR'02) Volume 4 - Volume 4
Detection and classification of TCP/IP network services

ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
An introduction to variable and feature selection

The Journal of Machine Learning Research
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7

Principle Components and Importance Ranking of Distributed Anomalies

Machine Learning
Unsupervised anomaly detection in network intrusion detection using clusters

ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
Intrusion detection in computer networks by a modular ensemble of one-class classifiers

Information Fusion
Design of multiple-level hybrid classifier for intrusion detection system using Bayesian clustering and decision trees

Pattern Recognition Letters
Detection of unknown computer worms based on behavioral classification of the host

Computational Statistics & Data Analysis
Approximate autoregressive modeling for network attack detection

Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
ULISSE, a network intrusion detection system

Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Traffic Data Preparation for a Hybrid Network IDS

HAIS '08 Proceedings of the 3rd international workshop on Hybrid Artificial Intelligence Systems
Approximate autoregressive modeling for network attack detection

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Reducing false positives in anomaly detectors through fuzzy alert aggregation

Information Fusion
Explanations of unsupervised learning clustering applied to data security analysis

Neurocomputing
MOVIH-IDS: A mobile-visualization hybrid intrusion detection system

Neurocomputing
Intrusion Detection Method Using Neural Networks Based on the Reduction of Characteristics

IWANN '09 Proceedings of the 10th International Work-Conference on Artificial Neural Networks: Part I: Bio-Inspired Systems: Computational and Ambient Intelligence
A supervised learning approach to automate the acquisition of knowledge in surveillance systems

Signal Processing
Application of artificial neural network in detection of DOS attacks

Proceedings of the 2nd international conference on Security of information and networks
Review: The use of computational intelligence in intrusion detection systems: A review

Applied Soft Computing
Human interface for cyber security anomaly detection systems

HSI'09 Proceedings of the 2nd conference on Human System Interactions
Alert verification evasion through server response forging

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
SOM-based anomaly intrusion detection system

EUC'07 Proceedings of the 2007 international conference on Embedded and ubiquitous computing
Using unsupervised learning for network alert correlation

Canadian AI'08 Proceedings of the Canadian Society for computational studies of intelligence, 21st conference on Advances in artificial intelligence
A Framework for Large-Scale Detection of Web Site Defacements

ACM Transactions on Internet Technology (TOIT)
KIDS: keyed intrusion detection system

DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Neural visualization of network traffic data for intrusion detection

Applied Soft Computing
Detecting compounded anomalous SNMP situations using cooperative unsupervised pattern recognition

ICANN'05 Proceedings of the 15th international conference on Artificial neural networks: formal models and their applications - Volume Part II
Identification of anomalous SNMP situations using a cooperative connectionist exploratory projection pursuit model

IDEAL'05 Proceedings of the 6th international conference on Intelligent Data Engineering and Automated Learning
Analyzing TCP traffic patterns using self organizing maps

ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
MOVICAB-IDS: visual analysis of network traffic data streams for intrusion detection

IDEAL'06 Proceedings of the 7th international conference on Intelligent Data Engineering and Automated Learning
Early warning system for cascading effect control in energy control systems

CRITIS'10 Proceedings of the 5th international conference on Critical Information Infrastructures Security
Self-adaptive and dynamic clustering for online anomaly detection

Expert Systems with Applications: An International Journal
An Optimum-Path Forest framework for intrusion detection in computer networks

Engineering Applications of Artificial Intelligence
RT-MOVICAB-IDS: Addressing real-time intrusion detection

Future Generation Computer Systems

Quantified Score

Hi-index	0.01

Visualization

Abstract

With the continuous evolution of the types of attacks against computer networks, traditional intrusion detection systems, based on pattern matching and static signatures, are increasingly limited by their need of an up-to-date and comprehensive knowledge base. Data mining techniques have been successfully applied in host-based intrusion detection. Applying data mining techniques on raw network data, however, is made difficult by the sheer size of the input; this is usually avoided by discarding the network packet contents.In this paper, we introduce a two-tier architecture to overcome this problem: the first tier is an unsupervised clustering algorithm which reduces the network packets payload to a tractable size. The second tier is a traditional anomaly detection algorithm, whose efficiency is improved by the availability of data on the packet payload content.