|Table of Contents|

Intrusion Detection Based on Unsupervised Clustering Algorithm


Research Field:
Publishing date:


Intrusion Detection Based on Unsupervised Clustering Algorithm
WANG FeiQIAN Yu-wenWANG Zhi-quan
School of Automation,NUST,Nanjing 210094,China
intrusion detection computer crime detectors internet network security unsupervised clustering unlabeled data
An unsupervised clustering algorithm is proposed to solve the problem that most of intrusion detections based on clustering algorithm have artificial parameters.This method has no artificial parameter and is not affected by the order of data entrance.The shape of clusters is arbitrary,which can reflect the real distribution of data.By comparing the distances between unlabeled training data,the algorithm merges characters of clusters according to the characters of nearest samples.When each step of clustering is completed,the algorithm identifies the intrusion clusters by comparing the distances of clusters and calculating the rate of samples of each cluster among all samples.The identified clusters can be used in real data detection.The experimental result shows that the detection rate is 89.5% and the false alarm rate is 0.4% in detecting unknown intrusion.


[ 1] I lgun K, Kemm erer R A, Porras P A. State transitionana ly sis: A rule-based intrusion detection system [ J].IEEE Transactions on Softw are Eng ineer ing, 1995,21( 3) : 181- 199.

[ 2] Portnoy L, Esk in E, Stolfo S J. In trusion detectionw ith un labeled data using cluster ing [ A]. Proceed ing so fACM CSSWo rkshop on DataM in ing App lied to Security( DM SA-2001) [ C ]. Ph ilade lph ia, PA, USA:ACM, 2001. 1- 14.
[ 3] Jiang Sh Y, Song X Y, W angH, et a.l A c luste ringbasedm ethod fo r unsuperv ised intrusion de tections[ J]. Patte rn Recognition Letters, 2006, 27( 7): 802- 810.
[ 4] 罗敏, 王丽娜, 张焕国. 基于无监督聚类的入侵检测方法[ J]. 电子学报, 2003, 31( 11): 1713- 1716.
[ 5] H an J, K amber M. 数据挖掘概念与技术[M ]. 北京: 机械工业出版社, 2001.
[ 6] KDD Cup 1999. KDD dataset[ EB /OL]. http: / /kdd.ics. uc.i edu/ databases/kddcup99 /kddcup99. htm ,l 1999- 10- 28.
[ 7] Barbara D, Jajodia S. Applications o f data m in ing incompu ter secur ity[M ]. Norwe l,l MA, USA: K luw eracadem ic pub lish, 2002. 77- 102.
[ 8] 梁铁柱, 李建成, 王晔. 一种应用聚类技术检测网络入侵的新方法[ J]. 国防科技大学学报, 2002,24( 12): 59- 63.


Last Update: 2012-11-19