CLUSTERING-BASED NETWORK INTRUSION DETECTION

Author:

ZHONG SHI (1), KHOSHGOFTAAR TAGHI M. (1), SELIYA NAEEM (2)

Affiliation:

1. Computer Science and Engineering, Florida Atlantic University, 777 West Glades Road, Boca Raton, FL 33431, USA

2. Computer and Information Science, University of Michigan – Dearborn, 4901 Evergreen Road, Dearborn, MI 48128, USA

Abstract

Recently, data mining methods have gained importance in addressing network security issues, including network intrusion detection, a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.

Publisher

World Scientific Pub Co Pte Lt

Subject

Electrical and Electronic Engineering; Industrial and Manufacturing Engineering; Energy Engineering and Power Technology; Aerospace Engineering; Safety, Risk, Reliability and Quality; Nuclear Energy and Engineering; General Computer Science

Cited by 52 articles.

1. Loan Applicant Anomaly Detection; 2024 21st International Joint Conference on Computer Science and Software Engineering (JCSSE); 2024-06-19

2. A Holistic review and performance evaluation of unsupervised learning methods for network anomaly detection; International Journal on Smart Sensing and Intelligent Systems; 2024-04-01

3. Application of Random Forest Algorithm in Network Intrusion Detection of Government Affairs Departments; International Journal of Computational Intelligence and Applications; 2024-02-08

4. Adaptive attention principal component analysis with continual learning ability for multimode process monitoring; 2023 CAA Symposium on Fault Detection, Supervision and Safety for Technical Processes (SAFEPROCESS); 2023-09-22

5. An empirical study on utilizing online k-means clustering for intrusion detection purposes; 2023 International Conference on Smart Applications, Communications and Networking (SmartNets); 2023-07-25
