In this paper, we present "K-Means+ID3," a method to cascade k-Means clustering and the ID3 decision tree learning methods for classifying anomalous and normal activities in a computer network, an active electronic circuit, and a mechanical mass-beam system. The k-Means clustering method first partitions the training instances into k clusters using Euclidean distance similarity. On each cluster, representing a density region of normal or anomaly instances, we build an ID3 decision tree. The decision tree on each cluster refines the decision boundaries by learning the subgroups within the cluster. To obtain a final decision on classification, the decisions of the k-Means and ID3 methods are combined using two rules: 1) the Nearest-neighbor rule and 2) the Nearest-consensus rule. We perform experiments on three data sets: 1) Network Anomaly Data (NAD), 2) Duffing Equation Data (DED), and 3) Mechanical System Data (MSD), which contain measurements from three distinct application domains of computer networks, an electronic circuit implementing a forced Duffing Equation, and a mechanical system, respectively. Results show that the detection accuracy of the K-Means+ID3 method is as high as 96.24 percent at a false-positive rate of 0.03 percent on NAD; the total accuracy is as high as 80.01 percent on MSD and 79.9 percent on DED.
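The cascade described in the abstract, as an added Python example that is not the paper's own code: k-Means partitions the training set, an entropy-based tree is fitted per cluster, and the two decisions are combined. Assumptions: binary threshold splits on continuous features stand in for ID3's categorical splits, the k-Means decision is the cluster's majority label, and the two rules are this example's reading of the names the abstract gives (nearest-neighbor takes the tree decision of the nearest cluster; nearest-consensus takes the nearest of the `f` closest clusters where both decisions agree, falling back to nearest-neighbor). The data set is constructed.

```python
import math
from collections import Counter

def kmeans(X, k, iters=10):
    cents = list(X[:k])                      # deterministic init from first k points (assumption)
    for _ in range(iters):
        owner = [min(range(k), key=lambda c: math.dist(x, cents[c])) for x in X]
        groups = [[i for i, o in enumerate(owner) if o == c] for c in range(k)]
        cents = [tuple(sum(v) / len(g) for v in zip(*(X[i] for i in g)))
                 if g else cents[c] for c, g in enumerate(groups)]
    return cents, groups

def entropy(ys):
    return -sum(c / len(ys) * math.log2(c / len(ys)) for c in Counter(ys).values())

def build_tree(rows):                        # rows: list of (features, label)
    ys, best = [y for _, y in rows], None
    if len(set(ys)) == 1:
        return ys[0]                         # pure node becomes a leaf
    for d in range(len(rows[0][0])):
        for t in sorted({x[d] for x, _ in rows})[:-1]:
            lo, hi = [r for r in rows if r[0][d] <= t], [r for r in rows if r[0][d] > t]
            rem = sum(len(p) * entropy([y for _, y in p]) for p in (lo, hi))
            if best is None or rem < best[0]:    # lowest remaining entropy = highest gain
                best = (rem, d, t, lo, hi)
    if best is None:                         # identical points with conflicting labels
        return Counter(ys).most_common(1)[0][0]
    return (best[1], best[2], build_tree(best[3]), build_tree(best[4]))

def tree_predict(tree, x):
    while isinstance(tree, tuple):           # node: (feature, threshold, low, high)
        tree = tree[2] if x[tree[0]] <= tree[1] else tree[3]
    return tree

def train(X, y, k):                          # one (centroid, majority label, tree) per cluster
    cents, groups = kmeans(X, k)
    return [(c, Counter(y[i] for i in g).most_common(1)[0][0],
             build_tree([(X[i], y[i]) for i in g])) for c, g in zip(cents, groups) if g]

def classify(models, x, rule="neighbor", f=2):
    cand = sorted(models, key=lambda m: math.dist(x, m[0]))[:f]
    votes = [(km, tree_predict(tree, x)) for _, km, tree in cand]
    agreed = [km for km, id3 in votes if km == id3]
    return agreed[0] if rule == "consensus" and agreed else votes[0][1]

X = [(0.0, 0.0), (5.0, 5.0), (0.2, 0.1), (0.1, 0.3), (0.3, 0.2), (0.9, 0.9),
     (1.0, 0.8), (5.2, 5.1), (5.1, 4.8), (4.9, 5.2), (4.1, 4.0), (4.0, 4.2)]
Y = [0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0]     # constructed: 0 = normal, 1 = anomaly
MODELS = train(X, Y, 2)
```

The point `(0.95, 0.85)` falls in the mostly normal cluster, so the k-Means decision alone would label it normal, while the tree fitted on that cluster flags the anomalous subgroup.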