
Optimized Clustering for Anomaly Intrusion Detection

Conference paper, in: Advances in Knowledge Discovery and Data Mining (PAKDD 2003)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 2637)
Abstract

Conventional clustering algorithms are normally used to partition the objects of a data set into groups of similar objects based on data similarity. They can equally be used to extract common knowledge, i.e. the properties of similar data objects that recur across a set of transactions. For the activities in a user's transactions, this common knowledge is represented by two statistics: the occurrence frequency of similar activities per transaction, and the repetitive ratio of similar activities within each transaction. This paper proposes an optimized clustering method for modeling the normal pattern of a user's activities. It also addresses how to determine the optimal values of the clustering parameters for each user, and how to maintain the identified common knowledge as a concise profile. The resulting profile can then be used to detect anomalous behavior in an online transaction of that user.
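The abstract describes the profile only in words: cluster a user's activities, record per cluster how often similar activities occur in a transaction (occurrence frequency) and what share of the transaction they make up (repetitive ratio), keep the per-cluster statistics as a concise profile, and flag an online transaction that deviates from it. The following is an added illustration of that pipeline, not the authors' code: the training data, the one-dimensional gap-based clustering, the fixed clustering parameter `GAP`, the deviation score and the threshold are all assumptions chosen for readability, and the paper's own clustering algorithm and its method for choosing optimal parameters are not reproduced here.

```python
from statistics import mean, pstdev

# Constructed training data (assumed, not from the paper): each inner list is one
# transaction of a single user, each number one activity measurement in that
# transaction (think bytes read per file access within one login session).
NORMAL_TRANSACTIONS = [
    [100, 110, 95, 5000, 105],
    [98, 102, 4900, 5100, 100, 97],
    [101, 5050, 99, 104],
    [103, 96, 100, 4950, 5000, 102],
    [99, 101, 4980],
]

GAP = 50          # assumed clustering parameter: max distance between neighbours
THRESHOLD = 6.0   # assumed anomaly threshold on the deviation score


def cluster_1d(values, gap=GAP):
    """Group sorted values into clusters; a new cluster starts wherever two
    neighbouring values are more than `gap` apart. Returns (low, high) per
    cluster. Stand-in for the paper's clustering step, chosen for readability."""
    vals = sorted(values)
    clusters, start, prev = [], vals[0], vals[0]
    for v in vals[1:]:
        if v - prev > gap:
            clusters.append((start, prev))
            start = v
        prev = v
    clusters.append((start, prev))
    return clusters


def assign(value, clusters):
    """Index of the cluster whose interval contains value, or None if it
    matches no known cluster (an activity never seen in training)."""
    for i, (lo, hi) in enumerate(clusters):
        if lo <= value <= hi:
            return i
    return None


def transaction_features(tx, clusters):
    """For one transaction, the two per-cluster statistics the abstract names:
    occurrence frequency (count of similar activities in this transaction) and
    repetitive ratio (that count divided by the transaction's length).
    Also returns how many activities fell into no cluster at all."""
    counts = [0] * len(clusters)
    unassigned = 0
    for v in tx:
        i = assign(v, clusters)
        if i is None:
            unassigned += 1
        else:
            counts[i] += 1
    n = len(tx)
    return [(c, c / n) for c in counts], unassigned


def build_profile(transactions, gap=GAP):
    """Concise per-user profile: one record per cluster holding the interval
    and the mean/std of frequency and ratio across the training transactions."""
    clusters = cluster_1d([v for tx in transactions for v in tx], gap)
    per_tx = [transaction_features(tx, clusters)[0] for tx in transactions]
    profile = []
    for k, interval in enumerate(clusters):
        freqs = [f[k][0] for f in per_tx]
        ratios = [f[k][1] for f in per_tx]
        profile.append({
            "interval": interval,
            "freq_mean": mean(freqs), "freq_sd": pstdev(freqs),
            "ratio_mean": mean(ratios), "ratio_sd": pstdev(ratios),
        })
    return profile


def anomaly_score(tx, profile, unknown_penalty=5.0):
    """Sum of standardised deviations of the transaction's per-cluster
    frequency and ratio from the profile, plus an assumed penalty for every
    activity outside all clusters. The sd floors avoid dividing by ~0 when a
    cluster was perfectly stable in training."""
    clusters = [p["interval"] for p in profile]
    feats, unassigned = transaction_features(tx, clusters)
    score = 0.0
    for (count, ratio), p in zip(feats, profile):
        score += abs(count - p["freq_mean"]) / max(p["freq_sd"], 0.5)
        score += abs(ratio - p["ratio_mean"]) / max(p["ratio_sd"], 0.1)
    return score + unknown_penalty * unassigned


def is_anomalous(tx, profile, threshold=THRESHOLD):
    """Online check of one new transaction against the stored profile."""
    return anomaly_score(tx, profile) > threshold


if __name__ == "__main__":
    prof = build_profile(NORMAL_TRANSACTIONS)
    for tx in ([100, 102, 5000, 98], [100] * 10 + [20000]):
        print(tx, round(anomaly_score(tx, prof), 2), is_anomalous(tx, prof))
```

With the constructed data the training values fall into two clusters, one around 100 and one around 5000. A new transaction mixing both in the usual proportion scores about 2, while one that repeats the small activity ten times and adds a value no cluster covers scores about 21, so the unknown-activity penalty and the ratio deviation both contribute to the detection. In practice the gap and threshold would be tuned per user, which is the parameter-selection problem the paper addresses and this example leaves fixed.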




© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Oh, S.H., Lee, W.S. (2003). Optimized Clustering for Anomaly Intrusion Detection. In: Whang, KY., Jeon, J., Shim, K., Srivastava, J. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2003. Lecture Notes in Computer Science(), vol 2637. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36175-8_57

  • DOI: https://doi.org/10.1007/3-540-36175-8_57

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-04760-5

  • Online ISBN: 978-3-540-36175-6
