Skip to main content
SpringerLink
Log in

An Effective Distance-Computing Method for Network Anomaly Detection

  • Conference paper
Book cover Security Technology (SecTech 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 259))

Included in the following conference series:

Abstract

Currentlymany traditional network anomaly detection algorithms are proposed to distinguish network anomalies from heavy network traffic. However, most of them are based on data mining or machine learning methods, which brings unexpected heavy computational cost and high false alarm rates. In this paper, we propose a simple distance-computing algorithm for network anomaly detection, which is able to distinguish network anomalies from normal traffic using simple but effective distance-computing mechanism. Experimental results on the well-known KDD Cup 1999 dataset demonstrate it can effectively detect anomalies with high true positives, low false positives with acceptable computational cost.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Denning, D.E.: An Intrusion Detection Model. IEEE Transactions on Software Engineering, 222–232 (1987)

    Google Scholar 

  2. Lee, W., Stolfo, S.J.: Data Mining Approaches for Intrusion Detection. In: Proceedings of the 1998 USENIX Security Symposium (1998)

    Google Scholar 

  3. Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.J.: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. In: Barbara, D., Jajodia, S. (eds.) Applications of Data Mining in Computer Security. Kluwer (2002)

    Google Scholar 

  4. Gammerman, A., Vovk, V.: Prediction algorithms and confidence measure based on algorithmic randomness theory. Theoretical Computer Science, 209-217 (2002)

    Google Scholar 

  5. Li, M., Vitanyi, P.: Introduction to Kolmogorov Complexity and its Applications, 2nd edn. Springer, Heidelberg (1997)

    Book  MATH  Google Scholar 

  6. Proedrou, K., Nouretdinov, I., Vovk, V., Gammerman, A.: Transductive Confidence Machines for Pattern Recognition. In: Elomaa, T., Mannila, H., Toivonen, H. (eds.) ECML 2002. LNCS (LNAI), vol. 2430, pp. 381–390. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Barbará, D., Domeniconi, C., Rogers, J.P.: Detecting outliers using transduction and statistical testing. In: Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, USA, pp. 55–64 (2006)

    Google Scholar 

  8. Knowledge discovery in databases DARPA archive. Task Description, http://www.kdd.ics.uci.edu/databases/kddcup99/task.html

  9. Kuang, L., Zulkernine, M.: An anomaly intrusion detection method using the CSI-KNN algorithm. In: Proc. of the 2008 ACM Symposium on Applied Computing, pp. 1362–1373 (2008)

    Google Scholar 

  10. Liao, Y., Vemuri, V.: Use of K-Nearest Neighbor classifier for intrusion detection. Computers & Security 21(5), 439–448 (2002)

    Article  Google Scholar 

  11. Prerau, M.J., Eskin, E.: Unsupervised anomaly detection using an optimized K-nearest neighbors algorithm. Master’s thesis

    Google Scholar 

  12. Skoudis, E., Liston, T., Reloaded, C.H.: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2nd edn. Prentice Hall PTR, Upper Saddle River (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer & Information Engineering, Guangxi Vocational & Technical Institute of Industry, Nanning, Guangxi, China, 53001

    Guo-Hui Zhou

Authors
  1. Guo-Hui Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Multimedia Engineering Department, Hannam University, 133 Ojeong-dong, Daeduk-gu, Daejeon, Korea

    Tai-hoon Kim

  2. The Ohio State University, 470 Hitchcock Hall, 2070 Neil Avenue, 43210-1275, Columbus, OH, USA

    Hojjat Adeli

  3. National Chiao Tung University, Hsinchu, Taiwan, R.O.C.

    Wai-chi Fang

  4. Universidad Complutense de Madrid, 28040, Madrid, Spain

    Javier García Villalba

  5. Mississippi State University, Mississippi State, MS, USA

    Kirk P. Arnett

  6. Center of Excellence in Information Assurance, King Saud University, Kingdom of Saudi Arabia

    Muhammad Khurram Khan

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, GH. (2011). An Effective Distance-Computing Method for Network Anomaly Detection. In: Kim, Th., Adeli, H., Fang, Wc., Villalba, J.G., Arnett, K.P., Khan, M.K. (eds) Security Technology. SecTech 2011. Communications in Computer and Information Science, vol 259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27189-2_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-27189-2_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27188-5

  • Online ISBN: 978-3-642-27189-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation