
Proceedings Paper

An improved unsupervised clustering-based intrusion detection method
Author(s): Yong Jun Hai; Yu Wu; Guo Yin Wang

Paper Abstract

Practical Intrusion Detection Systems (IDSs) based on data mining face two key problems: discovering intrusion knowledge from real-time network data, and automatically updating that knowledge when new intrusions appear. Most data mining algorithms work on labeled data. To set up a basic data set for mining, huge volumes of network data need to be collected and labeled manually. In fact, it is rather difficult and impractical to label intrusions, which has been a major restriction for current IDSs and has limited their ability to identify all kinds of intrusion types. An improved unsupervised clustering-based intrusion model working on unlabeled training data is introduced. In this model, the center of a cluster is defined and used as a substitute for that cluster. All cluster centers are then used to detect intrusions. Tested on the KDDCUP’99 data sets, experimental results demonstrate that our method has good performance in detection rate. Furthermore, an incremental-learning method is adopted to detect intrusions of unknown type, and it decreases the false positive rate.

Paper Details

Date Published: 28 March 2005
PDF: 9 pages
Proc. SPIE 5812, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, (28 March 2005); doi: 10.1117/12.603086
Yong Jun Hai, Chongqing Univ. of Posts and Telecommunications (China)
Yu Wu, Chongqing Univ. of Posts and Telecommunications (China)
Guo Yin Wang, Chongqing Univ. of Posts and Telecommunications (China)


Published in SPIE Proceedings Vol. 5812:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005
Belur V. Dasarathy, Editor(s)
