Abstract
We present a PCA-LVQ method and a balanced-training method for efficient intrusion alert clustering. For the network connection records in the rough 1999 DARPA intrusion dataset, we first obtain a purified and dimension-reduced dataset through Principal Component Analysis (PCA). We then use the Learning Vector Quantization (LVQ) neural network to perform intrusion alert clustering on the purified intrusion dataset. To the best of our knowledge, this is the first attempt to use the LVQ neural network and the PCA-LVQ model for intrusion alert clustering. The experimental results show that the PCA-LVQ model and the balanced-training method are effective: the time cost can be shortened by about three times, and the detection accuracy can be raised to a higher level; in particular, the clustering accuracy rate of the U2R and R2L alerts can be increased dramatically.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, JX., Wang, ZY., Kui-Dai (2006). Intrusion Alert Analysis Based on PCA and the LVQ Neural Network. In: King, I., Wang, J., Chan, LW., Wang, D. (eds) Neural Information Processing. ICONIP 2006. Lecture Notes in Computer Science, vol 4234. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11893295_25
DOI: https://doi.org/10.1007/11893295_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46484-6
Online ISBN: 978-3-540-46485-3
eBook Packages: Computer Science, Computer Science (R0)