A Novel Method for Unsupervised Anomaly Detection Using Unlabelled Data

Most current intrusion detection methods cannot process large amounts of audit data in real time. This paper presents an anomaly-based network intrusion detection method that uses principal component analysis (PCA) for data reduction and fuzzy adaptive resonance theory (fuzzy ART) as the classifier. PCA reduces the high-dimensional data vectors, and the distance between a vector and its projection onto the reduced subspace is used for anomaly detection. The method is demonstrated on a set of benchmark data from the KDD (knowledge discovery and data mining) competition designed by DARPA. Experimental results show that the proposed model can classify the network connections with satisfactory performance.
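The PCA residual-distance step described in the abstract, as an added example (not code from the paper): a detector fitted on unlabelled rows flags a connection whose distance to its projection onto the principal subspace is unusually large. The feature values, the threshold rule (3x the largest training residual) and all function names are assumptions made for illustration; the fuzzy ART classifier stage is not implemented here.

```python
import math

# Constructed sample: three pre-scaled features per connection (stand-ins for
# e.g. duration, bytes sent, bytes received) that normally grow together.
TRAIN = [(1.0, 2.1, 0.9), (2.0, 3.9, 2.1), (3.0, 6.1, 3.0), (4.0, 8.0, 3.9),
         (5.0, 9.9, 5.1), (6.0, 12.1, 6.0), (7.0, 14.0, 7.1), (8.0, 15.9, 7.9)]

def fit_pca(rows, k, iters=200):
    """Return (mean, top-k principal directions) by power iteration with deflation."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    centered = [[r[j] - mean[j] for j in range(d)] for r in rows]
    cov = [[sum(r[i] * r[j] for r in centered) / (n - 1) for j in range(d)]
           for i in range(d)]
    components = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            if norm == 0.0:          # no variance left to explain
                break
            v = [x / norm for x in w]
        lam = sum(v[i] * cov[i][j] * v[j] for i in range(d) for j in range(d))
        # Deflate: remove the found direction so the next pass finds the next one.
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
        components.append(v)
    return mean, components

def residual_distance(x, mean, components):
    """Distance between x and its projection onto the principal subspace."""
    c = [xi - mi for xi, mi in zip(x, mean)]
    proj_sq = sum(sum(ci * vi for ci, vi in zip(c, v)) ** 2 for v in components)
    return math.sqrt(max(sum(ci * ci for ci in c) - proj_sq, 0.0))

def fit_detector(rows, k=1, factor=3.0):
    """Assumed threshold rule: factor times the largest training residual."""
    mean, comps = fit_pca(rows, k)
    threshold = factor * max(residual_distance(r, mean, comps) for r in rows)
    return mean, comps, threshold

def is_anomalous(x, detector):
    mean, comps, threshold = detector
    return residual_distance(x, mean, comps) > threshold
```

Because training is unlabelled, any attack traffic present in the training rows inflates the threshold, so the fitting window should be chosen with that in mind.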
