Detecting Anomalous Network Traffic with Combined Fuzzy-Based Approaches

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3645)

Abstract

This paper introduces combined fuzzy-based approaches for detecting anomalous network traffic such as DoS/DDoS or probing attacks. The approaches combine an Adaptive Neuro-Fuzzy Inference System (ANFIS) with Fuzzy C-Means (FCM) clustering. The basic idea of the algorithm is as follows: first, ANFIS transforms the original multi-dimensional (M-D) feature space of network connections into a compact one-dimensional (1-D) feature space; second, FCM clustering classifies the 1-D feature space into anomalous and normal. PCA is also used to reduce the dimensionality of the original feature space during feature extraction. The algorithm combines the high accuracy of supervised learning with the high speed of unsupervised learning. The publicly available DARPA/KDD99 dataset is used to demonstrate the approaches, and the results show their accuracy in detecting anomalies in network connections.
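To make the second stage described in the abstract concrete, the following added example (not the paper's code) runs textbook fuzzy c-means with two clusters over 1-D scores and labels each as normal or anomalous. Assumptions: the scores are constructed stand-ins for the first-stage output (ANFIS itself is not implemented here), the fuzzifier is m = 2, and the cluster with the higher center is treated as anomalous.

```python
# Added illustration, not the paper's code: standard fuzzy c-means (FCM)
# applied to 1-D scores such as a first-stage model might emit.

def memberships(xs, centers, m):
    """u[i][k] = 1 / sum_j (d_ik / d_ij)^(2/(m-1)); each row sums to 1."""
    exp = 2.0 / (m - 1.0)
    rows = []
    for x in xs:
        d = [abs(x - v) for v in centers]
        if 0.0 in d:  # point sits exactly on a center
            hits = d.count(0.0)
            rows.append([1.0 / hits if dk == 0.0 else 0.0 for dk in d])
        else:
            rows.append([1.0 / sum((dk / dj) ** exp for dj in d) for dk in d])
    return rows

def fcm_1d(xs, c=2, m=2.0, iters=200, tol=1e-9):
    """Return (centers, memberships) for scalar data xs."""
    lo, hi = min(xs), max(xs)
    # Deterministic start: spread the centers across the data range.
    centers = [lo + (hi - lo) * (k + 0.5) / c for k in range(c)]
    for _ in range(iters):
        u = memberships(xs, centers, m)
        new = []
        for k in range(c):
            w = [row[k] ** m for row in u]  # weights u_ik^m
            new.append(sum(wi * x for wi, x in zip(w, xs)) / sum(w))
        shift = max(abs(a - b) for a, b in zip(new, centers))
        centers = new
        if shift < tol:
            break
    return centers, memberships(xs, centers, m)

def label_scores(scores):
    """Assumption: the cluster with the higher center is the anomalous one."""
    centers, u = fcm_1d(scores)
    anom = centers.index(max(centers))
    return [("anomalous" if row[anom] > 0.5 else "normal", round(row[anom], 3))
            for row in u]

# Constructed 1-D scores (not taken from KDD99): six benign-looking
# connections, three attack-looking ones, and one ambiguous value.
SCORES = [0.02, 0.05, 0.11, 0.08, 0.03, 0.07, 0.91, 0.97, 0.88, 0.45]

if __name__ == "__main__":
    for s, (lab, mu) in zip(SCORES, label_scores(SCORES)):
        print(f"{s:.2f}  {lab:9s}  membership={mu}")
```

The fuzzy membership, rather than the hard label alone, is what lets an analyst rank borderline connections such as the 0.45 score for manual review.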


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

He, HT., Luo, XN., Liu, BL. (2005). Detecting Anomalous Network Traffic with Combined Fuzzy-Based Approaches. In: Huang, DS., Zhang, XP., Huang, GB. (eds) Advances in Intelligent Computing. ICIC 2005. Lecture Notes in Computer Science, vol 3645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11538356_45

  • DOI: https://doi.org/10.1007/11538356_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28227-3

  • Online ISBN: 978-3-540-31907-8

  • eBook Packages: Computer Science, Computer Science (R0)
