Abstract
Currently, many traditional network anomaly detection algorithms are proposed to distinguish network anomalies from heavy network traffic. However, most of them are based on data mining or machine learning methods, which bring unexpectedly heavy computational cost and high false alarm rates. In this paper, we propose a simple distance-computing algorithm for network anomaly detection, which is able to distinguish network anomalies from normal traffic using a simple but effective distance-computing mechanism. Experimental results on the well-known KDD Cup 1999 dataset demonstrate that it can effectively detect anomalies with a high true-positive rate, a low false-positive rate, and acceptable computational cost.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Zhou, GH. (2011). An Effective Distance-Computing Method for Network Anomaly Detection. In: Kim, Th., Adeli, H., Fang, Wc., Villalba, J.G., Arnett, K.P., Khan, M.K. (eds) Security Technology. SecTech 2011. Communications in Computer and Information Science, vol 259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27189-2_19
DOI: https://doi.org/10.1007/978-3-642-27189-2_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27188-5
Online ISBN: 978-3-642-27189-2