K-Means+ID3: A novel method for supervised anomaly detection by cascading k-Means clustering and ID3 decision tree learning methods

IEEE Transactions on Knowledge and Data Engineering

Volumn 19, Issue 3, 2007, Pages 345-354

  Gaddam, Shekhar R ^c   Phoha, Vir V ^a,b   Balagani, Kiran S ^b  

^a IEEE   (United States)

^b Louisiana Tech University   (United States)

^c NONE

Author keywords

Anomaly detection; Classification; Decision trees; k Means clustering; Receiver operating characteristic (ROC) curves

Indexed keywords

ANOMALY DETECTION; DECISION BOUNDARIES; K-MEANS CLUSTERING METHOD; RECEIVER OPERATING CHARACTERISTIC (ROC) CURVES;

CLASSIFICATION (OF INFORMATION); COMPUTER NETWORKS; DECISION TREES; KNOWLEDGE MANAGEMENT;

LEARNING SYSTEMS;

EID: 33847704184     PISSN: 10414347     EISSN: None     Source Type: Journal    
DOI: 10.1109/TKDE.2007.44     Document Type: Article

References (29)

1. A. Lazarevic, A. Ozgur, L. Ertoz, J. Srivastava, and V. Kumar, "A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection," Proc. SIAM Int'l Conf. Data Mining, May 2003.
2. N. Ye, Y. Zhang, and CM. Borror, "Robustness of the Markov-Chain Model for Cyber-Attack Detection," IEEE Trans. Reliability, vol. 53, no. 1, pp. 116-123, 2004.
3. D. Mutz, F. Valeur, G. Vigna, and C. Kruegel, "Anomalous System Call Detection," ACM Trans. Information and System Security, vol. 9, no. 1, pp. 61-93, Feb. 2006.
4. S. Kumar and E.H. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection," Proc. 17th Nat'l Computer Security Conf., pp. 11-21, Oct. 1994.
5. S.C. Chin, A. Ray, and V. Rajagopalan, "Symbolic Time Series Analysis for Anomaly Detection: A Comparative Evaluation," Signal Processing, vol. 85, no. 9, pp. 1859-1868, Sept. 2005.
6. M. Thottan and C. Ji, "Anomaly Detection in IP Networks," IEEE Trans. Signal Processing, vol. 51, no. 8, pp. 2191-2204, 2003.
7. C. Kruegel and G. Vigna, "Anomaly Detection of Web-Based Attacks," Proc. ACM Conf. Computer and Comm. Security, Oct. 2003.
8. Z. Zhang, J. Li, C.N. Manikopoulos, J. Jorgenson, and J. Ucles, "HIDE: A Hierarchical Network Intrusion Detection System Using Statistical Preprocessing and Neural Network Classification," Proc. 2001 IEEE Workshop Information Assurance, pp. 85-90, June 2001.
9. S.T. Sarasamma, Q.A. Zhu, and J. Huff, "Hierarchical Kohonen Net for Anomaly Detection in Network Security," IEEE Trans. Systems, Man, and Cybernetics-Part B, vol. 35, no. 2, Apr. 2005.
10. J. Gomez and D.D. Gupta, "Evolving Fuzzy Classifiers for Intrusion Detection," Proc. 2002 IEEE Workshop Information Assurance, June 2001.
11. A. Ray, "Symbolic Dynamic Analysis of Complex Systems for Anomaly Detection," Signal Processing, vol. 84, no. 7, pp. 1115-1130, 2004.
12. N. Ye, S.M. Emran, Q. Chen, and S. Vilbert, "Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection," IEEE Trans. Computers, vol. 51, no. 7, pp. 810-820, 2002.
13. H.S. Javitz and A. Valdes, "The SRI IDES Statistical Anomaly Detector," Proc. IEEE Symp. Security and Privacy, pp. 316-326, May 1991.
14. I. Levin, "KDD-99 Classifier Learning Contest: LLSoft's Results Overview," SIGKDD Explorations, vol. 1, pp. 67-75, Jan. 2000.
15. D.Y. Yeung and C. Chow, "Parzen-Window Network Intrusion Detectors," Proc. 16th Int'l Conf. Pattern Recognition, vol. 4, pp. 385-388, Aug. 2002.
16. R. Agarwal and M.V. Joshi, "PNrule: A New Framework for Learning Classifier Models in Data Mining (A Case-Study in Network Intrusion Detection)," Technical Report DSTO-GD-0286, Dept. of Computer Science, Univ. of Minnesota, 2000.
17. G. Qu, S. Hariri, and M. Yousif, "A New Dependency and Correlation Analysis for Features," IEEE Trans. Knowleddge and Data Eng., vol. 17, no. 9, pp. 1199-1207, Sept. 2005.
18. J. Kittler, M. Hatef, R.P.W. Duin, and J. Matas, "On Combining Classifiers," IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 20, no. 3, pp. 226-239, Mar. 1998.
19. A. Verikas, A. Lipnickas, K. Malmqvist, M. Bacauskiene, and A. Gelzinis, "Soft Combination of Neural Classifiers: A Comparative Study," Pattern Recognition Letters, vol. 20, pp. 429-444, 1999.
20. L.I. Kuncheva, "Switching between Selection and Fusion in Combining Classifiers: An Experiment," IEEE Trans. Systems, Man, and Cybernetics, vol. 32, no. 2, pp. 146-156, Apr. 2002.
21. R.P. Lippman, D.J. Fried, I. Graf, J. Haines, K. Kendall, D. McClung, D. Weber, S. Webster, D. Wyschogrod, R.K. Cunningham, and M.A. Zissman, "Evaluating Intrusion Detection Systems: The 1998 DARPA Off-Line Intrusion Detection Evaluation," Proc. DARPA Information Survivabiltiy Conf. and Exposition (DISCEX '00), pp. 12-26, Jan. 2000.
22. J. Haines, L. Rossey, R.P. Lippman, and R.K. Cunningham, "Extending the DARPA Offline Intrusion Detection Evaluation," Proc. DARPA Information Survivability Conf. and Exposition (DISCEX '01), June 2001.
23. R. Lippmann, J.W. Haines, D.J. Fried, J. Korba, and K. Das, "The 1999 DARPA Off-Line Intrusion Detection Evaluation," Proc. Third Int'l Workshop Recent Advances in Intrusion Detection (RAID '00), pp. 162-182, Oct. 2000.
24. G.K. Kuchimanachi, V.V. Phoha, K.S. Balagani, and S.R. Gaddam, "Dimension Reduction Using Feature Extraction Methods for Real-Time Misuse Detection Systems," Proc. IEEE 2004 Information Assurance Workshop, pp. 195-202, June 2004.
25. A.M. Khatkhate, A. Ray, E. Keller, and S. Chin, "Symbolic Time Series Analysis of Mechanical Systems for Anomaly Detection," IEEE/ASME Trans. Mechatronics, vol. 11, no. 4, pp. 439-447, Aug. 2006.
26. R. Duda, P. Hart, and D. Stork, Pattern Classification, second ed. Wiley Publishers, Oct. 2000.
27. T. Mitchell, Machine Learning. McGraw-Hill, 1997.
28. T. Fawcett, "ROC Graphs: Notes and Practical Considerations for Data Mining Researchers," Technical Report HPL-2003-4, HP Labs, 2003.
29. J. Huang and C. Ling, "Using AUC and Accuracy in Evaluating Learning Algorithms," IEEE Trans. Knowledge and Data Eng, vol. 17, no. 3, pp. 299-310, Mar. 2005.