A Clustering-Based Unsupervised Approach to Anomaly Intrusion Detection
Abstract
In the present paper, a 2-means clustering-based anomaly detection technique is proposed. The presented method parses the set of training data, consisting of normal and anomaly data, and separates the data into two clusters. Each cluster is represented by its centroid: one for the normal observations, and the other for the anomalies. The paper also provides appropriate methods for clustering, training and detection of attacks. The performance of the presented methodology is evaluated with the following measures: Recall, Precision and F1-measure. Measurements of performance are also carried out with the Dunn index and the Davies-Bouldin index.
Keywords: anomaly-based IDS, 2-means clustering, Recall, Precision, F1 measure, Dunn index, Davies-Bouldin index
Similar resources
Unsupervised Sequential Information Bottleneck Clustering For Building Anomaly Based Network Intrusion Detection Model
In this paper we present a novel approach to unsupervised clustering in building an efficient anomaly based network intrusion detection model. The method is based on a recently introduced sequential information bottleneck (sIB) principle. KDDCup 1999 intrusion detection benchmark dataset is used for the experimentation of our proposed technique. The experimental results demonstrate that the pro...
Anomaly Intrusion Detection Design Using Hybrid of Unsupervised and Supervised Neural Network
This paper proposed a new approach to design the system using a hybrid of misuse and anomaly detection for training of normal and attack packets respectively. The utilized method for attack training is the combination of unsupervised and supervised Neural Network (NN) for Intrusion Detection System. By the unsupervised NN based on Self Organizing Map (SOM), attacks will be classified into small...
A Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
An Improved Intrusion Detection Technique based on two Strategies Using Decision Tree and Neural Network
In this paper we enhance the notion of anomaly detection and use both neural network (NN) and decision tree (DT) for intrusion detection. While DTs are highly successful in detecting known attacks, NNs are more interesting to detect new attacks. In our method we proposed a new approach to design the system using both DT and combination of unsupervised and supervised NN for Intrusion Detection S...
Detecting Network Intrusions a Clustering Approach
With the increased usage of computer networks, security becomes a critical issue. Recently, data mining methods have gained a lot of attention in addressing network security issues, including intrusion detection. Consequently, unsupervised learning methods have been given much importance for anomaly based network intrusion detection. In this paper, we investigate new clustering algorithms like fa...