An unsupervised anomaly detection patterns learning algorithm

Most anomaly detection pattern learning algorithms require a set of purely normal data on which to train their model. If intrusions are buried within the training data, the algorithm may fail to detect these attacks because it will assume that they are normal. In reality, it is very hard to guarantee that the collected training data contain no attack items. In this paper, we present an unsupervised anomaly detection patterns learning algorithm that can overcome this shortcoming.
