论文信息 - Adaptive Clustering for Network Intrusion Detection

Adaptive Clustering for Network Intrusion Detection

A major challenge in network intrusion detection is how to perform anomaly detection. In practice, the characteristics of network traffic are typically non-stationary, and can vary over time. In this paper, we present a solution to this problem by developing a time-varying modification of a standard clustering technique, which means we can automatically accommodate non-stationary traffic distributions. In addition, we demonstrate how feature weighting can improve the classification accuracy of our anomaly detection system for certain types of attacks.

Christopher Leckie | Joshua Oldmeadow | Siddarth Ravinutala

[1] Leonid Portnoy,et al. Intrusion detection with unlabeled data using clustering , 2000 .

[2] Salvatore J. Stolfo,et al. Cost-based modeling for fraud and intrusion detection: results from the JAM project , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[3] Stephanie Forrest,et al. Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[4] Stephanie Forrest,et al. Immunity by design: an artificial immune system , 1999 .

[5] Philip K. Chan,et al. Learning nonstationary models of normal network traffic for detecting novel attacks , 2002, KDD.

[6] Harold Joseph Highland,et al. 15th National Computer Security Conference , 1993 .

[7] Biswanath Mukherjee,et al. DIDS (distributed intrusion detection system)—motivation, architecture, and an early prototype , 1997 .

[8] Bernhard Schölkopf,et al. Estimating the Support of a High-Dimensional Distribution , 2001, Neural Computation.

[9] Eleazar Eskin,et al. A GEOMETRIC FRAMEWORK FOR UNSUPERVISED ANOMALY DETECTION: DETECTING INTRUSIONS IN UNLABELED DATA , 2002 .

[10] Sushil Jajodia,et al. Applications of Data Mining in Computer Security , 2002, Advances in Information Security.