Authors G.V. Karaychev
Month, Year 11, 2009
Index UDC 004.956:519.237.8
Abstract The paper describes a high-performance method of unsupervised anomaly detection based on adaptive construction of a system profile. Initial connection records are transformed by principal component analysis and then clustered by an adaptive grid-based algorithm. Evaluation on the KDD CUP'99 data set shows that the effectiveness of the suggested approach is comparable with that of other anomaly analysis methods.
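The abstract names the pipeline (connection records, PCA, adaptive grid clustering, anomaly decision) but not the detail needed to reproduce it. The block below is an added, self-contained Python sketch of such a pipeline and is not the paper's code: PCA is computed by power iteration on the covariance of z-scored features; the grid starts at 4 x 4 cells and splits any cell holding more than 10 points into four, for at most two rounds (a simplified stand-in for adaptive mesh refinement); occupied leaf cells that touch are joined into clusters; records that fall into clusters with fewer than 5 members are reported as anomalies (the small-cluster rule used in clustering-based unsupervised detection). The 42 connection records are constructed to resemble the numeric KDD Cup'99 fields duration, src_bytes, dst_bytes, count and srv_count and are not taken from the data set; all thresholds are assumptions.

```python
"""PCA + adaptive grid clustering for unsupervised anomaly detection (added example)."""
import math

# Feature order: duration, src_bytes, dst_bytes, count, srv_count.
# Constructed sample, loosely modelled on KDD Cup'99 connection-record fields.
def make_records():
    records = []
    for i in range(20):   # short HTTP-like connections
        records.append([i % 3, 200 + 5 * i, 1000 + 25 * i, 5 + i % 6, 5 + i % 6])
    for i in range(20):   # longer SSH-like sessions
        records.append([30 + 2 * i, 2000 + 50 * i, 2000 + 50 * i, 1 + i % 3, 1 + i % 3])
    records.append([0, 0, 0, 500, 500])        # flood-like: many connections, no payload (index 40)
    records.append([3000, 500000, 100, 1, 1])  # exfiltration-like: one long, huge upload (index 41)
    return records

def zscore(rows):
    """Standardise each column; raw KDD fields differ by orders of magnitude."""
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    stds = [math.sqrt(sum((r[j] - means[j]) ** 2 for r in rows) / n) or 1.0 for j in range(d)]
    return [[(r[j] - means[j]) / stds[j] for j in range(d)] for r in rows]

def covariance(z):
    n, d = len(z), len(z[0])
    return [[sum(r[j] * r[k] for r in z) / n for k in range(d)] for j in range(d)]

def top_components(cov, k, iters=500):
    """Leading k eigenvectors of cov by power iteration with deflation."""
    d, comps = len(cov), []
    c = [row[:] for row in cov]
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(c[j][m] * v[m] for m in range(d)) for j in range(d)]
            norm = math.sqrt(sum(x * x for x in w)) or 1.0
            v = [x / norm for x in w]
        lam = sum(v[j] * sum(c[j][m] * v[m] for m in range(d)) for j in range(d))
        comps.append(v)
        c = [[c[j][m] - lam * v[j] * v[m] for m in range(d)] for j in range(d)]  # deflate
    return comps

def project(z, comps):
    return [[sum(a * b for a, b in zip(row, v)) for v in comps] for row in z]

def adaptive_grid(points, n_init=4, refine_threshold=10, max_depth=2):
    """2-D grid over the projected points. Cells with more than refine_threshold
    points are split 2x2, recursively, up to max_depth. Returns occupied leaf
    cells as (x0, x1, y0, y1, [record indices])."""
    xs, ys = [p[0] for p in points], [p[1] for p in points]
    x0, y0 = min(xs), min(ys)
    w = (max(xs) - x0) / n_init or 1.0
    h = (max(ys) - y0) / n_init or 1.0
    coarse, leaves = {}, []
    for idx, (x, y) in enumerate(points):
        i = min(int((x - x0) / w), n_init - 1)
        j = min(int((y - y0) / h), n_init - 1)
        coarse.setdefault((i, j), []).append(idx)
    def refine(bx0, bx1, by0, by1, members, depth):
        if len(members) <= refine_threshold or depth >= max_depth:
            leaves.append((bx0, bx1, by0, by1, members))
            return
        mx, my = (bx0 + bx1) / 2, (by0 + by1) / 2
        quads = {}
        for idx in members:
            x, y = points[idx]
            quads.setdefault((x >= mx, y >= my), []).append(idx)
        for (right, top), sub in quads.items():
            refine(mx if right else bx0, bx1 if right else mx,
                   my if top else by0, by1 if top else my, sub, depth + 1)
    for (i, j), members in coarse.items():
        refine(x0 + i * w, x0 + (i + 1) * w, y0 + j * h, y0 + (j + 1) * h, members, 0)
    return leaves

def touching(a, b, eps=1e-9):
    """Two cells are neighbours if their boxes overlap or share an edge/corner."""
    return (a[0] <= b[1] + eps and b[0] <= a[1] + eps and
            a[2] <= b[3] + eps and b[2] <= a[3] + eps)

def cluster_leaves(leaves, min_cluster_size=5):
    """Union touching leaf cells into clusters; small clusters are anomalies."""
    parent = list(range(len(leaves)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    for a in range(len(leaves)):
        for b in range(a + 1, len(leaves)):
            if touching(leaves[a], leaves[b]):
                parent[find(a)] = find(b)
    groups = {}
    for i, leaf in enumerate(leaves):
        groups.setdefault(find(i), []).extend(leaf[4])
    clusters = sorted(groups.values(), key=len, reverse=True)
    anomalies = sorted(idx for c in clusters if len(c) < min_cluster_size for idx in c)
    return clusters, anomalies

def detect_anomalies(records, n_components=2, min_cluster_size=5):
    z = zscore(records)
    pts = project(z, top_components(covariance(z), n_components))
    leaves = adaptive_grid(pts)
    clusters, anomalies = cluster_leaves(leaves, min_cluster_size)
    return {"anomalies": anomalies, "cluster_sizes": [len(c) for c in clusters],
            "leaf_cells": len(leaves)}

if __name__ == "__main__":
    print(detect_anomalies(make_records()))
```

On the constructed sample the two extreme records (indices 40 and 41) end up alone in cells far from the dense region and are reported; the 40 normal records form one or two large clusters. Two caveats matter in practice: keeping only two principal components discards any attack whose deviation lies mostly in a dropped direction (the third feature here, dst_bytes, is partly lost), and cluster membership is decided by cell contact, so the refinement depth and the initial grid resolution set how much empty space must separate a point from the profile before it is called anomalous.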

Keywords Network security; anomaly analysis; principal component analysis; clustering; adaptive grid-based algorithm; ROC analysis.
References 1. Denning D.E. An intrusion detection model. IEEE Transactions on Software Engineering, SE-13, 1987, pp. 222–232.
2. Javitz H.S., Valdes A. The NIDES statistical component description and justification. Technical report, Computer Science Laboratory, SRI International, Menlo Park, California, March 1994.
3. Leung K., Leckie C. Unsupervised Anomaly Detection in Network Intrusion Detection Using Clusters. Proceedings of the Twenty-Eighth Australasian Computer Science Conference (ACSC 2005), Newcastle, Australia, 1–3 February 2005, pp. 333–342.
4. Shyu M.-L., Chen S.-C., Sarinnapakorn K., Chang L. A novel anomaly detection scheme based on principal component classifier. Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, Melbourne, FL, USA, 2003, pp. 172–179.
5. Wang W., Battiti R. Identifying Intrusions in Computer Networks with Principal Component Analysis. Proceedings of the First International Conference on Availability, Reliability and Security (ARES'06), 20–22 April 2006, pp. 270–279.
6. Liao W.-k., Liu Y., Choudhary A. A Grid-based Clustering Algorithm using Adaptive Mesh Refinement. 7th Workshop on Mining Scientific and Engineering Datasets, in conjunction with the SIAM International Conference on Data Mining (SDM), Lake Buena Vista, Florida, USA, April 2004, pp. 61–69.
7. Kwitt R., Hofmann U. Robust Methods for Unsupervised PCA-based Anomaly Detection. IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, Tuebingen, Germany, 28–29 September 2006.
8. Lincoln Labs. KDD Cup'99 data set, 2003.
9. Gu G., Fogla P., Dagon D., Lee W., Skoric B. Measuring Intrusion Detection Capability: An Information-Theoretic Approach. ASIACCS'06, Taipei, Taiwan, 21–24 March 2006.
10. Levin I. KDD-99 Classifier Learning Contest: LLSoft's Results Overview. ACM SIGKDD Explorations, January 2000, pp. 67–75.
11. Pfahringer B. Winning the KDD99 Classification Cup: Bagged Boosting. ACM SIGKDD Explorations, January 2000, pp. 65–66.
12. Miheev V., Vopilov A., Shabalin I. The MP13 Approach to the KDD'99 Classifier Learning Contest. ACM SIGKDD Explorations, January 2000, pp. 76–77.
13. Karaychev G.V., Nesterenko V.A. Application of weighting functions for determining local statistical characteristics of a packet flow in a network. Izvestiya Vysshikh Uchebnykh Zavedenii. Severo-Kavkazskii Region. Estestvennye Nauki (Proceedings of Higher Educational Institutions, North Caucasus Region, Natural Sciences), Rostov-on-Don, 2008, No. 1, pp. 10–14.