Labelling Clusters in an Intrusion Detection System Using a Combination of Clustering Evaluation Techniques

  • Authors:
  • Slobodan Petrovic;Gonzalo Alvarez;Agustin Orfila;Javier Carbo

  • Affiliations:
  • Gjøvik University College;Institute of Applied Physics;Carlos III University of Madrid;Carlos III University of Madrid

  • Venue:
  • HICSS '06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences - Volume 06
  • Year:
  • 2006


Abstract

A new cluster-labelling strategy, which combines computation of the Davies-Bouldin index of the clustering with the centroid diameters of the individual clusters, is proposed for anomaly-based intrusion detection systems (IDS). The aim of the strategy is to detect compact clusters containing very similar vectors, since such clusters are highly likely to consist of attack vectors. Experimental results comparing the effectiveness of a multiple-classifier IDS using this labelling strategy with that of an IDS based on classical cardinality labelling show that the proposed strategy behaves much better in a heavily attacked environment where massive attacks are present. The parameters of the labelling algorithm can be varied to adapt to the conditions in the monitored network.
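The following is an added example, not code from the paper, that shows the difference between the two labelling strategies on constructed data. Cardinality labelling marks the smallest clusters as attacks, so a massive attack that forms one large cluster of near-identical vectors is labelled normal; compactness labelling keys on the cluster's centroid diameter (twice the mean distance of its members to the centroid) instead. The example implements the Davies-Bouldin index and the centroid diameter as defined in the clustering-validation literature; the way it combines the two measures (the index as a quality gate on the whole clustering, the diameter as the per-cluster criterion), the thresholds `max_db` and `max_attack_diameter`, and the sample clusters are assumptions for illustration, since the abstract does not specify them.

```python
"""Compactness-based cluster labelling for an anomaly IDS (illustrative).

Added example, not the authors' code. Assumed: feature vectors are tuples of
floats, a clustering is a list of clusters (lists of vectors), and "compact"
means a small centroid diameter. The thresholds max_db and max_attack_diameter
are illustrative parameters, not values taken from the paper.
"""
import math


def dist(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(points):
    """Component-wise mean of a cluster's vectors."""
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))


def centroid_diameter(points):
    """Centroid diameter: twice the mean distance of members to the centroid."""
    c = centroid(points)
    return 2.0 * sum(dist(p, c) for p in points) / len(points)


def davies_bouldin(clusters):
    """Davies-Bouldin index: mean over clusters i of max_{j != i} (s_i + s_j) / d(c_i, c_j).

    s_i is the mean distance of cluster i's members to its centroid c_i.
    A low index means compact, well-separated clusters.
    """
    cents = [centroid(c) for c in clusters]
    scatter = [centroid_diameter(c) / 2.0 for c in clusters]
    k = len(clusters)
    total = 0.0
    for i in range(k):
        worst = 0.0
        for j in range(k):
            if i != j:
                worst = max(worst, (scatter[i] + scatter[j]) / dist(cents[i], cents[j]))
        total += worst
    return total / k


def label_by_cardinality(clusters, max_attack_fraction=0.1):
    """Classical labelling: a cluster holding at most 10% of all vectors is an attack."""
    n = sum(len(c) for c in clusters)
    return ["attack" if len(c) <= max_attack_fraction * n else "normal" for c in clusters]


def label_by_compactness(clusters, max_attack_diameter=1.5, max_db=1.0):
    """Compactness labelling: a cluster with a small centroid diameter is an attack.

    Assumed combination of the two measures: the Davies-Bouldin index gates the
    decision, so if the clustering as a whole is poor (index above max_db) no
    cluster is labelled; otherwise each cluster is judged by its own diameter.
    """
    if davies_bouldin(clusters) > max_db:
        return ["unlabelled"] * len(clusters)
    return ["attack" if centroid_diameter(c) <= max_attack_diameter else "normal"
            for c in clusters]


def build_demo_clusters():
    """Constructed sample clustering in a 2-D feature space (not real traffic)."""
    # 49 spread-out vectors: ordinary traffic
    normal = [(float(i), float(j)) for i in range(-3, 4) for j in range(-3, 4)]
    # 60 near-identical vectors: a massive attack that dominates the traffic
    flood = [(10.0 + 0.01 * (k % 6), 10.0 + 0.01 * (k // 6)) for k in range(60)]
    # 5 similar vectors: a small probe
    probe = [(-8.0, 6.0), (-7.5, 6.0), (-8.5, 6.0), (-8.0, 6.5), (-8.0, 5.5)]
    return [normal, flood, probe]


if __name__ == "__main__":
    clusters = build_demo_clusters()
    print("Davies-Bouldin index:", round(davies_bouldin(clusters), 3))
    for name, c in zip(("normal", "flood", "probe"), clusters):
        print(f"{name}: {len(c)} vectors, centroid diameter {centroid_diameter(c):.3f}")
    print("cardinality labelling:", label_by_cardinality(clusters))
    print("compactness labelling:", label_by_compactness(clusters))
```

On the constructed clustering the cardinality rule labels only the 5-vector probe as an attack and passes the 60-vector flood as normal, while the compactness rule flags both the probe and the flood and leaves the spread-out normal cluster alone; raising or lowering `max_attack_diameter` is the kind of parameter adjustment the abstract refers to for adapting the labelling to the monitored network.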