A graph-based clustering algorithm for anomaly intrusion detection

Many researchers have argued that data mining can improve the performance of intrusion detection systems, and clustering, as one of the main data mining techniques, is an important tool for intrusion detection. Because traditional clustering methods have drawbacks when applied to intrusion detection, this paper presents a graph-based intrusion detection algorithm that uses an outlier detection method based on the local deviation coefficient (LDCGB). Compared with other clustering-based intrusion detection algorithms, LDCGB does not need the number of clusters to be specified in advance, is robust to the influence of outliers, and can detect clusters of arbitrary shape rather than only spherical ones. It also maintains a stable detection rate on unknown or mutated attacks. LDCGB uses a graph-based clustering algorithm (GB) to obtain an initial partition of the data set; this partition depends on a cluster precision parameter rather than on an initial cluster number. Because the detection model is trained on a mixed data set, its performance depends on high labeling accuracy. In the labeling phase the algorithm therefore applies the local deviation coefficient outlier detection algorithm to re-label the result of the GB algorithm, which improves labeling accuracy. The detection rate and false positive rate are obtained by testing the algorithm on the KDDCup99 data set, and the experimental results show that the proposed algorithm achieves satisfactory performance.
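The following is an added example, not code from the paper: the two-stage pipeline the abstract describes, reduced to plain Python. The page does not give the paper's exact GB or local deviation coefficient formulas, so both are assumptions here: GB is taken as the connected components of a distance graph thresholded at a `precision` parameter, and the LDC as a k-nearest-neighbour density ratio (a record's mean neighbour distance over the mean of the same quantity for its neighbours). The sample records are constructed: a ring of normal records, which a centroid-based method could not describe, one attack record that GB merges into the ring because it sits within `precision` of a single ring point, and three isolated attacks.

```python
# Added example (not the paper's code). The GB and LDC definitions below are
# assumptions standing in for the paper's own, which this page does not give.
import math
from collections import defaultdict


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def graph_cluster(points, precision):
    """Assumed GB step: join every pair of records closer than `precision`
    and take connected components. No cluster count is supplied, and chained
    edges let a component take any shape, not only a ball around a centroid."""
    n = len(points)
    adj = defaultdict(list)
    for i in range(n):
        for j in range(i + 1, n):
            if euclid(points[i], points[j]) <= precision:
                adj[i].append(j)
                adj[j].append(i)
    labels = [-1] * n
    next_id = 0
    for start in range(n):
        if labels[start] != -1:
            continue
        labels[start] = next_id
        stack = [start]
        while stack:
            u = stack.pop()
            for v in adj[u]:
                if labels[v] == -1:
                    labels[v] = next_id
                    stack.append(v)
        next_id += 1
    return labels


def local_deviation_coefficient(points, k):
    """Assumed LDC: a record's mean distance to its k nearest neighbours,
    divided by the mean of that same quantity over those neighbours.
    About 1.0 inside a homogeneous cluster, larger for a record that is
    sparser than its surroundings (a density-ratio score in the LOF family)."""
    n = len(points)
    knn = []
    for i in range(n):
        dists = sorted((euclid(points[i], points[j]), j) for j in range(n) if j != i)
        knn.append(dists[:k])
    mean_d = [sum(d for d, _ in nb) / k for nb in knn]
    return [mean_d[i] / (sum(mean_d[j] for _, j in knn[i]) / k) for i in range(n)]


def label_records(points, precision, k, min_size, ldc_threshold):
    """Stage 1 labels records by cluster size (small components = attack);
    stage 2 re-labels any record whose LDC exceeds the threshold, which
    catches a record that GB has merged into a large normal cluster."""
    clusters = graph_cluster(points, precision)
    size = defaultdict(int)
    for c in clusters:
        size[c] += 1
    ldc = local_deviation_coefficient(points, k)
    return [size[clusters[i]] < min_size or ldc[i] > ldc_threshold
            for i in range(len(points))]


def rates(predicted, truth):
    """Detection rate (attacks flagged / attacks) and false positive rate
    (normals flagged / normals), the two figures the abstract reports."""
    tp = sum(1 for p, t in zip(predicted, truth) if p and t)
    fp = sum(1 for p, t in zip(predicted, truth) if p and not t)
    attacks = sum(truth)
    return tp / attacks, fp / (len(truth) - attacks)


# Constructed sample: 12 normal records on a ring of radius 1 (adjacent points
# 0.5176 apart), one attack record at (1.58, 0) that is within `precision` of
# the single ring point (1, 0) only, and three isolated attack records.
RING = [(math.cos(math.radians(a)), math.sin(math.radians(a))) for a in range(0, 360, 30)]
SAMPLE_POINTS = RING + [(1.58, 0.0), (4.0, 4.0), (-5.0, 3.0), (5.0, -5.0)]
SAMPLE_TRUTH = [False] * len(RING) + [True] * 4


def demo(precision=0.6, k=2, min_size=3, ldc_threshold=1.15):
    predicted = label_records(SAMPLE_POINTS, precision, k, min_size, ldc_threshold)
    return predicted, rates(predicted, SAMPLE_TRUTH)


if __name__ == "__main__":
    predicted, (dr, fpr) = demo()
    print("labels:", predicted)
    print(f"detection rate {dr:.2f}, false positive rate {fpr:.2f}")
```

On this constructed set GB alone would miss the record at (1.58, 0): it lands in the 13-record ring component, so the size rule calls it normal, while its LDC of about 1.40 against a ring baseline of 1.0 re-labels it as an attack in the second stage. The rates printed here come from the toy data, not from KDDCup99; in practice `precision`, `k`, `min_size` and `ldc_threshold` are the knobs that trade detection rate against false positives.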
