An Unsupervised Intrusion Detection Method Combined Clustering with Chaos Simulated Annealing

Keeping networks secure has never been as imperative a task as it is today. Threats come from hardware failures, software flaws, tentative probing and malicious attacks. In this paper, a new detection method, Intrusion Detection based on Unsupervised Clustering and Chaos Simulated Annealing algorithm (IDCCSA), is proposed. As a novel optimization technique, chaos has gained much attention and found some applications during the past decade. For a given energy or cost function, by following chaotic ergodic orbits, a chaotic dynamic system may eventually reach the global optimum or a good approximation of it with high probability. To enhance the performance of simulated annealing, which is used to find a near-optimal partitioning clustering, a simulated annealing algorithm that incorporates chaos is proposed. Experiments with KDD Cup 1999 show that simulated annealing combined with chaos can effectively enhance the searching efficiency and greatly improve the detection quality.
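The idea in the abstract, as an added sketch that is not the paper's IDCCSA algorithm: simulated annealing over cluster centres in which every pseudo-random draw is replaced by a logistic-map orbit, followed by a small-cluster labelling step. The logistic map, the cooling schedule, the seeding of centres from data records, the 20% size rule and the two-feature data set are all assumptions made for illustration.

```python
import math

# Constructed data: two normalised features per connection record (not KDD Cup 1999 rows).
NORMAL = [(0.18 + 0.01 * (i % 5), 0.18 + 0.005 * (i // 5)) for i in range(40)]
ATTACK = [(0.90 + 0.01 * i, 0.90) for i in range(4)]
POINTS = NORMAL + ATTACK

def logistic(z):
    """One step of the logistic map z -> 4z(1-z), chaotic on (0, 1)."""
    return 4.0 * z * (1.0 - z)

def assign(points, centers):
    """Return (labels, cost): nearest-centre index per point and total squared error."""
    labels, cost = [], 0.0
    for p in points:
        d = [sum((a - b) ** 2 for a, b in zip(p, c)) for c in centers]
        labels.append(d.index(min(d)))
        cost += min(d)
    return labels, cost

def chaos_sa_cluster(points, centers, t0=0.05, alpha=0.95, steps=400, z=0.3141):
    """Anneal the centre coordinates; z is the chaotic state that drives every draw."""
    cur = [list(c) for c in centers]
    cur_cost = assign(points, cur)[1]
    best, best_cost, t = [c[:] for c in cur], cur_cost, t0
    for _ in range(steps):
        cand = [c[:] for c in cur]
        for c in cand:                      # chaotic perturbation, shrinking with temperature
            for i in range(len(c)):
                z = logistic(z)
                c[i] += (z - 0.5) * t
        cost = assign(points, cand)[1]
        z = logistic(z)                     # chaotic number used in the Metropolis test
        if cost < cur_cost or z < math.exp((cur_cost - cost) / t):
            cur, cur_cost = cand, cost
            if cost < best_cost:
                best, best_cost = [c[:] for c in cand], cost
        t *= alpha
    return best, best_cost

def flag_small_clusters(labels, k, max_share=0.2):
    """Assumed labelling rule: clusters holding under max_share of records are anomalous."""
    sizes = [labels.count(j) for j in range(k)]
    return [i for i, lab in enumerate(labels) if sizes[lab] < max_share * len(labels)]
```

Calling `chaos_sa_cluster(POINTS, [POINTS[0], POINTS[-1]])` and passing the resulting labels to `flag_small_clusters` marks the four constructed attack records, because no labels are used during clustering and the attack group is simply the sparse cluster.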
