Cascaded intrusion detection using an improved clustering method

This paper proposes an improved clustering method for cascaded intrusion detection. The method detects different kinds of intrusions by arranging the processing framework as a cascade, on the basis of which the corresponding features are abstracted for clustering. Computer simulations based on the 1999 KDD CUP dataset show the effectiveness of the proposed approach in detecting various intrusions and its superiority over other clustering methods.
