G-Means: A Clustering Algorithm for Intrusion Detection

  • Conference paper
Advances in Neuro-Information Processing (ICONIP 2008)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5506)

Abstract

With the explosive growth in the number of network-oriented applications, intrusion detection, an increasingly popular area, is attracting more and more research effort, especially anomaly intrusion detection. The literature shows that clustering techniques such as K-means are very useful for intrusion detection but suffer from several major shortcomings; for example, the value of K in K-means is unknown, which has a great influence on detection ability. In this paper, a heuristic clustering algorithm called G-means is presented for intrusion detection. It is based on density-based clustering and K-means and overcomes the shortcomings of K-means. Experimental results show that G-means is an effective method for intrusion detection, with a high Detection Rate and a low False Positive Rate, as it can reveal the number of clusters in the dataset and initialize the cluster centroids reasonably, which lets G-means converge faster and perform better than K-means.

* Foundation item: Supported by the Natural Science Foundation of Shandong Province (Y2007G37) and the Science and Technology Development Program of Shandong Province (2007GG10001012).

© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Zhao, Z., Guo, S., Xu, Q., Ban, T. (2009). G-Means: A Clustering Algorithm for Intrusion Detection. In: Köppen, M., Kasabov, N., Coghill, G. (eds) Advances in Neuro-Information Processing. ICONIP 2008. Lecture Notes in Computer Science, vol 5506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02490-0_69

  • DOI: https://doi.org/10.1007/978-3-642-02490-0_69

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02489-4

  • Online ISBN: 978-3-642-02490-0

  • eBook Packages: Computer Science (R0)