Network Anomaly Detection Based on DSOM and ACO Clustering

  • Conference paper
In: Advances in Neural Networks – ISNN 2007 (ISNN 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4492)

Abstract

An approach to network anomaly detection based on dynamic self-organizing maps (DSOM) and ant colony optimization (ACO) clustering is investigated. The basic idea of the method is to produce the clusters with DSOM and ACO. Once the data instances have been classified, anomalous clusters can be easily identified by the normal cluster ratio, and the identified clusters can then be used for detection on real data. Traditional clustering-based intrusion detection algorithms cluster with a simple distance-based metric and detect based on the centers of clusters, which generally degrades detection accuracy and efficiency. Our approach based on DSOM and ACO clustering can settle these problems effectively. The experimental results show that our approach can detect unknown intrusions efficiently in real network connections.




Editor information

Derong Liu, Shumin Fei, Zengguang Hou, Huaguang Zhang, Changyin Sun

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Feng, Y., Zhong, J., Xiong, Zy., Ye, Cx., Wu, Kg. (2007). Network Anomaly Detection Based on DSOM and ACO Clustering. In: Liu, D., Fei, S., Hou, Z., Zhang, H., Sun, C. (eds) Advances in Neural Networks – ISNN 2007. ISNN 2007. Lecture Notes in Computer Science, vol 4492. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72393-6_113

  • DOI: https://doi.org/10.1007/978-3-540-72393-6_113

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-72392-9

  • Online ISBN: 978-3-540-72393-6

  • eBook Packages: Computer Science, Computer Science (R0)
