Abstract
Conventional clustering algorithms have been used to classify the data objects of a data set into groups of similar objects based on data similarity, but they can also be employed to extract common knowledge, i.e. properties of similar data objects that commonly appear in a set of transactions. The common knowledge of the activities in a user's transactions is represented by the occurrence frequency of similar activities per transaction as well as by the repetitive ratio of similar activities within each transaction. This paper proposes an optimized clustering method for modeling the normal pattern of a user's activities. It also addresses how to determine the optimal values of the clustering parameters for a user and how to maintain the identified common knowledge as a concise profile. The resulting profile can be used to detect anomalous behavior in an online transaction of the user.
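As an added illustration of the two statistics the abstract names (per-transaction occurrence frequency and within-transaction repetitive ratio), the following Python builds a per-user profile from constructed sample transactions and scores new transactions against it. This is example code written for this page, not the authors' implementation: it uses a simple gap-based one-dimensional clustering with a minimum-support cut-off in place of the paper's optimized method, treats each distinct activity name as its own similarity group, and the sample transactions, the `gap`, `min_support`, `min_freq` and `tolerance` parameters are all assumptions.

```python
from collections import Counter

# Constructed sample data (assumption): each transaction is the ordered list of
# activities (e.g. audited commands) a user performed in one session.
NORMAL_TRANSACTIONS = [
    ["login", "ls", "cat", "ls", "vi", "logout"],
    ["login", "ls", "vi", "cat", "logout"],
    ["login", "ls", "ls", "cat", "vi", "vi", "logout"],
    ["login", "cat", "ls", "vi", "logout"],
    ["login", "ls", "cat", "cat", "vi", "logout"],
]


def occurrence_frequency(transactions):
    """Fraction of transactions in which each activity occurs at least once."""
    n = len(transactions)
    seen = Counter()
    for t in transactions:
        seen.update(set(t))
    return {a: c / n for a, c in seen.items()}


def repetitive_ratio(transaction):
    """Share of a single transaction's activities taken by each activity."""
    total = len(transaction)
    return {a: k / total for a, k in Counter(transaction).items()}


def cluster_1d(values, gap, min_support):
    """Toy one-dimensional clustering (assumption, not the paper's method):
    sort the values, split wherever two neighbours differ by more than `gap`,
    and drop clusters with fewer than `min_support` members. Returns a list of
    (low, high) ranges describing the dense regions that survive."""
    vals = sorted(values)
    clusters, current = [], [vals[0]]
    for v in vals[1:]:
        if v - current[-1] > gap:
            clusters.append(current)
            current = [v]
        else:
            current.append(v)
    clusters.append(current)
    return [(c[0], c[-1]) for c in clusters if len(c) >= min_support]


def build_profile(transactions, gap=0.05, min_support=2):
    """Concise profile: for each activity, its occurrence frequency and the
    clustered ranges of its repetitive ratio over the training transactions."""
    freq = occurrence_frequency(transactions)
    profile = {}
    for activity in freq:
        ratios = [repetitive_ratio(t).get(activity, 0.0) for t in transactions]
        profile[activity] = {
            "freq": freq[activity],
            "ranges": cluster_1d(ratios, gap, min_support),
        }
    return profile


def score_transaction(profile, transaction, min_freq=0.2, tolerance=0.02):
    """Return (activity, reason) pairs for everything in `transaction` that
    falls outside the profile: unseen or rare activities, and activities whose
    repetitive ratio lies outside every clustered normal range."""
    anomalies = []
    for activity, ratio in repetitive_ratio(transaction).items():
        entry = profile.get(activity)
        if entry is None or entry["freq"] < min_freq:
            anomalies.append((activity, "activity rare or absent in profile"))
            continue
        in_range = any(lo - tolerance <= ratio <= hi + tolerance
                       for lo, hi in entry["ranges"])
        if not in_range:
            anomalies.append((activity, f"ratio {ratio:.2f} outside normal ranges"))
    return anomalies


if __name__ == "__main__":
    profile = build_profile(NORMAL_TRANSACTIONS)
    for name, tx in [("normal", ["login", "ls", "cat", "vi", "logout"]),
                     ("cat loop", ["login", "cat", "cat", "cat", "logout"]),
                     ("new cmd", ["login", "ls", "rm", "rm", "logout"])]:
        print(name, score_transaction(profile, tx))
```

With the sample data, `ls` yields two surviving ratio clusters (around 0.17 to 0.20 and 0.29 to 0.33), while the single high-ratio observations for `cat` and `vi` fall below `min_support` and are discarded, so a transaction dominated by `cat` is flagged on its ratio and a never-seen `rm` is flagged as absent from the profile. The `gap`, `min_support` and `tolerance` values play the role of the per-user clustering parameters whose tuning the paper addresses; the choice here is arbitrary.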
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Oh, S.H., Lee, W.S. (2003). Optimized Clustering for Anomaly Intrusion Detection. In: Whang, KY., Jeon, J., Shim, K., Srivastava, J. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2003. Lecture Notes in Computer Science(), vol 2637. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36175-8_57
DOI: https://doi.org/10.1007/3-540-36175-8_57
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-04760-5
Online ISBN: 978-3-540-36175-6
eBook Packages: Springer Book Archive