A hybrid unsupervised clustering-based anomaly detection method

In recent years, machine learning-based cyber intrusion detection methods have gained increasing popularity. The number and complexity of new attacks continue to rise; therefore, effective and intelligent solutions are necessary. Unsupervised machine learning techniques are particularly appealing for intrusion detection systems since they can detect both known and unknown types of attacks, including zero-day attacks. In this paper, we present an unsupervised anomaly detection method that combines Sub-Space Clustering (SSC) and One-Class Support Vector Machine (OCSVM) to detect attacks without any prior knowledge. The proposed approach is evaluated using the well-known NSL-KDD dataset. The experimental results demonstrate that our method performs better than some of the existing techniques.
