Abstract
An approach to network anomaly detection is investigated, based on dynamic self-organizing maps (DSOM) and ant colony optimization (ACO) clustering. The basic idea of the method is to produce the clusters by DSOM and ACO. Once the data instances are classified, anomalous data clusters can be easily identified by the normal cluster ratio, and the identified clusters can then be used in real data detection. Traditional clustering-based intrusion detection algorithms cluster using a simple distance-based metric and base detection on the centers of clusters, which generally degrades detection accuracy and efficiency. Our approach, based on DSOM and ACO clustering, can settle these problems effectively. The experimental results show that our approach can detect unknown intrusions efficiently in real network connections.
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Feng, Y., Zhong, J., Xiong, Zy., Ye, Cx., Wu, Kg. (2007). Network Anomaly Detection Based on DSOM and ACO Clustering. In: Liu, D., Fei, S., Hou, Z., Zhang, H., Sun, C. (eds) Advances in Neural Networks – ISNN 2007. ISNN 2007. Lecture Notes in Computer Science, vol 4492. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72393-6_113
DOI: https://doi.org/10.1007/978-3-540-72393-6_113
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72392-9
Online ISBN: 978-3-540-72393-6
eBook Packages: Computer Science (R0)