Skip to main content
SpringerLink
Log in

Cluster Analysis for Anomaly Detection

  • Conference paper
Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08

Part of the book series: Advances in Soft Computing ((AINSC,volume 53))

Abstract

This document presents a technique of traffic analysis, looking for attempted intrusion and information attacks. A traffic classifier aggregates packets in clusters by means of an adapted genetic algorithm. In a network with traffic homogenous over the time, clusters do not vary in number and characteristics. In the event of attacks or introduction of new applications the clusters change in number and characteristics. The set of data processed for the test are extracted from traffic DARPA, provided by MIT Lincoln Labs and commonly used to test effectiveness and efficiency of systems for Intrusion Detection. The target events of the trials are Denial of Service and Reconaissance. The experimental evidence shows that, even with an input of unrefined data, the algorithm is able to classify, with discrete accuracy, malicious events.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Rouil, Chevrollier, Golmie: Unsupervised anomaly detection system using next-generation router architecture (2005)

    Google Scholar 

  2. Leon, Nasraoui, Gomez: Anomaly detection based on unsupervised niche clustering with application to network intrusion detection

    Google Scholar 

  3. Cerbara, I.: Cenni sulla cluster analysis (1999)

    Google Scholar 

  4. Lee, S.: A framework for constructing features and models for intrusion detection systems (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. System Management, Inc., Italy

    Giuseppe Lieto, Fabio Orsini & Genoveffa Pagano

Authors
  1. Giuseppe Lieto
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabio Orsini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Genoveffa Pagano
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Universidad de Burgos, Burgos, Spain

    Emilio Corchado

  2. University of Genova, Genova, Italy

    Rodolfo Zunino  & Paolo Gastaldo  & 

  3. Escuela Politécnica Superior, Burgos, Spain

    Álvaro Herrero

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lieto, G., Orsini, F., Pagano, G. (2009). Cluster Analysis for Anomaly Detection. In: Corchado, E., Zunino, R., Gastaldo, P., Herrero, Á. (eds) Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08. Advances in Soft Computing, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88181-0_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-88181-0_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88180-3

  • Online ISBN: 978-3-540-88181-0

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation