|Article title||CONSTRUCTION AND USE OF FUNCTION OF DENSITY IN SPACE OF CHARACTERISTICS FOR DETECTION OF ABNORMAL EVENTS|
|Section||SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS|
|Month, Year||08, 2008|
|Abstract||In this work we suggest using a cluster-based estimation for the detection of abnormal events in a network. In particular, a density function of events in the space of characteristics is used to separate normal and abnormal events in a network. As an example of the practical use of this method, we consider and analyze a set of TCP connections in a local network.|
|Keywords||anomaly detection, arbitrary shape of clusters, clustering algorithms, intrusion detection, network security, network traffic analysis, packet analysis.|
|References||1. D.E. Denning. An intrusion detection model. IEEE Transactions on Software Engineering, SE-13. 1987. P. 222-232.
2. L. Portnoy, E. Eskin and S. J. Stolfo. Intrusion Detection with Unlabeled Data Using Clustering. In Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001), Philadelphia, PA, 2001.
3. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo. A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. Applications of Data Mining in Computer Security, Kluwer, 2002.
4. Wenke Lee and Sal Stolfo. Data Mining Approaches for Intrusion Detection. In Proceedings of the 7th USENIX Security Symposium (SECURITY'98), San Antonio, Texas, January 26-29, 1998.