
Clustering and Classification Based Anomaly Detection

  • Conference paper
Fuzzy Systems and Knowledge Discovery (FSKD 2006)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4223)


Abstract

This paper presents an anomaly detection approach based on clustering and classification for intrusion detection (ID). Network connections reconstructed from the raw packet data of the audit trail serve as the basic elements; the connection records are mapped, according to their protocols and services, into 8 feature spaces, typically of high dimension. The approach has two steps, a training stage and a testing stage. In the training stage, clustering groups the training data points into clusters, some of which are selected, according to a given criterion, to form the profile of normal and known-attack behaviour; the training data excluded from the profile are used to build a specific classifier. In the testing stage, an influence-based classification algorithm classifies network behaviours, where an influence function quantifies the influence of an object. Experiments on the KDD’99 Intrusion Detection Data Set demonstrate the detection performance and the effectiveness of the approach.
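As an added illustration (not the authors' code), the two-stage pipeline sketched in the abstract run on constructed two-feature records: k-means clustering, selection of large, label-pure clusters as the normal/known-attack profile, a residue classifier built from the excluded records, and influence-based classification at test time. The cluster-selection criterion and the Gaussian form of the influence function are assumptions; the paper's own definitions are not given on this page.

```python
import math
import random
from collections import Counter
# Constructed toy connection records (features, label); real records carry many more features.
random.seed(7)
def _blob(cx, cy, n, label):
    return [((random.gauss(cx, 0.3), random.gauss(cy, 0.3)), label) for _ in range(n)]
TRAIN = (_blob(0, 0, 30, "normal") + _blob(5, 5, 20, "attack")
         + _blob(5, 0, 4, "normal") + _blob(5, 0, 3, "attack"))  # one mixed region

def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])
def kmeans(records, k, iters=25):
    # Training step 1: cluster on features only; deterministic farthest-point seeding.
    pts = [r[0] for r in records]
    centers = [pts[0]]
    while len(centers) < k:
        centers.append(max(pts, key=lambda p: min(dist(p, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for r in records:
            groups[min(range(k), key=lambda i: dist(r[0], centers[i]))].append(r)
        centers = [(sum(r[0][0] for r in g) / len(g), sum(r[0][1] for r in g) / len(g))
                   if g else centers[i] for i, g in enumerate(groups)]
    return centers, groups

def build_profile(centers, groups, min_size=5, min_purity=0.9):
    # Training step 2 (assumed criterion): large, nearly label-pure clusters form the profile.
    profile, residue = [], []
    for c, g in zip(centers, groups):
        label, n = Counter(r[1] for r in g).most_common(1)[0]
        if len(g) >= min_size and n / len(g) >= min_purity:
            profile.append((c, label, len(g)))
        else:
            residue.extend(g)   # rejected clusters' records become the residue classifier
    return profile, residue
def influence(x, y, sigma=1.0):
    # Assumed Gaussian influence function: how strongly object y vouches for point x.
    return math.exp(-dist(x, y) ** 2 / (2 * sigma ** 2))
def classify(x, profile, residue):
    # Testing stage: sum size-weighted profile and individual residue influences per label.
    score = Counter()
    for center, label, size in profile:
        score[label] += size * influence(x, center)
    for feats, label in residue:
        score[label] += influence(x, feats)
    return score.most_common(1)[0][0]

CENTERS, GROUPS = kmeans(TRAIN, 3)
PROFILE, RESIDUE = build_profile(CENTERS, GROUPS)
```

The mixed region around (5, 0) is deliberately too impure to enter the profile, so its seven records end up in the residue and decide test points that fall near them.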




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg


Cite this paper

Yang, H., Xie, F., Lu, Y. (2006). Clustering and Classification Based Anomaly Detection. In: Wang, L., Jiao, L., Shi, G., Li, X., Liu, J. (eds) Fuzzy Systems and Knowledge Discovery. FSKD 2006. Lecture Notes in Computer Science, vol 4223. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11881599_134


  • DOI: https://doi.org/10.1007/11881599_134

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-45916-3

  • Online ISBN: 978-3-540-45917-0

  • eBook Packages: Computer Science, Computer Science (R0)
