A cooperative network intrusion detection based on heterogeneous distance function clustering

Network connection information contains both nominal and linear attributes, and linear attributes are further divided into continuous and discrete attributes, so network connection information is heterogeneous data. This paper therefore uses heterogeneous distance functions to cluster the data and proposes a cooperative network intrusion detection method based on a semi-supervised clustering algorithm. First, the network data flows are divided by network protocol into three flows (TCP flow, UDP flow, and ICMP flow), which are sent to three detection agents. Then each detection agent constructs its detection model using the fuzzy c-means clustering algorithm based on the HVDM (Heterogeneous Value Difference Metric) distance. Finally, the detection model is revised and verified using test data. Simulation experiments on the KDD CUP 1999 data set show that the method presented here is feasible and efficient.
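To make the distance step concrete, the following added example (not code from the paper) computes an HVDM distance over mixed nominal and linear connection attributes and feeds it into the standard fuzzy c-means membership formula. Assumptions: the records are constructed, the squared-difference normalisation of the value difference metric is used, unseen nominal values get distance 1, the cluster prototypes are given rather than learned, and the names `HVDM` and `memberships` are hypothetical.

```python
import math
from collections import Counter, defaultdict

# Constructed TCP-flow seed records (not KDD CUP 1999 data):
# (service, flag, duration_s, src_bytes), label. Attributes 0 and 1 are nominal.
SEED = [
    (("http", "SF", 1.0, 300.0), "normal"), (("http", "SF", 2.0, 250.0), "normal"),
    (("smtp", "SF", 3.0, 900.0), "normal"), (("http", "S0", 0.0, 0.0), "attack"),
    (("private", "S0", 0.0, 0.0), "attack"), (("private", "REJ", 0.0, 0.0), "attack"),
]
NOMINAL = {0, 1}

class HVDM:
    def __init__(self, labelled, nominal):
        self.nominal = nominal
        self.classes = sorted({c for _, c in labelled})
        n = len(labelled[0][0])
        self.counts = [defaultdict(Counter) for _ in range(n)]  # value -> class counts
        self.sigma = [0.0] * n                                  # std dev of linear attrs
        for a in range(n):
            if a in nominal:
                for x, c in labelled:
                    self.counts[a][x[a]][c] += 1
            else:
                vals = [x[a] for x, _ in labelled]
                mean = sum(vals) / len(vals)
                self.sigma[a] = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))

    def attr_dist(self, a, u, v):
        if u == v:
            return 0.0
        if a not in self.nominal:  # linear attribute: |u - v| / (4 * sigma)
            return abs(u - v) / (4 * self.sigma[a]) if self.sigma[a] else 1.0
        cu, cv = self.counts[a].get(u), self.counts[a].get(v)
        if not cu or not cv:       # nominal value never seen in the seed data
            return 1.0
        nu, nv = sum(cu.values()), sum(cv.values())
        # nominal attribute: compare class-conditional probabilities of u and v
        return math.sqrt(sum((cu[c] / nu - cv[c] / nv) ** 2 for c in self.classes))

    def distance(self, x, y):
        return math.sqrt(sum(self.attr_dist(a, x[a], y[a]) ** 2 for a in range(len(x))))

def memberships(metric, x, prototypes, m=2.0):
    """Fuzzy c-means membership of x in each cluster prototype (fuzzifier m)."""
    d = [metric.distance(x, p) for p in prototypes]
    if 0.0 in d:  # x coincides with one or more prototypes
        return [float(di == 0.0) / d.count(0.0) for di in d]
    return [1.0 / sum((di / dj) ** (2.0 / (m - 1.0)) for dj in d) for di in d]
```

Note that the flags `S0` and `REJ` end up at distance 0 from each other here because both occur only in attack records: the value difference metric compares nominal values by their class distributions, not by their spelling.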
