Toward a more practical unsupervised anomaly detection system

Information Sciences

Volumn 231, Issue , 2013, Pages 4-14

  Song, Jungsuk ^a,d   Takakura, Hiroki ^b   Okabe, Yasuo ^c   Nakao, Koji ^a  

^a NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY   (Japan)

^b NAGOYA UNIVERSITY   (Japan)

^c KYOTO UNIVERSITY   (Japan)

^d Korea Institute of Science and Technology Information (KISTI)   (South Korea)

Author keywords

Anomaly detection; Clustering; Intrusion Detection System; One class SVM

Indexed keywords

ANOMALY DETECTION; ANOMALY DETECTION METHODS; BUILDING PROCESS; CLUSTERING; CYBER-ATTACKS; DATA MINING TECHNIQUES; HONEYPOTS; INTRUSION DETECTION MODELS; INTRUSION DETECTION SYSTEMS; KYOTO UNIVERSITY; LABELED TRAINING DATA; NETWORK CHARACTERISTICS; ONE CLASS-SVM; REAL NETWORKS; REAL TRAFFIC; UNKNOWN ATTACKS; UNSUPERVISED ANOMALY DETECTION;

COMPUTER CRIME; LEARNING ALGORITHMS; OPTIMIZATION;

INTRUSION DETECTION;

EID: 84874114774     PISSN: 00200255     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ins.2011.08.011     Document Type: Article

References (30)

1. J. Allen, A. Christie, W. Fithen, State of the Practice of Intrusion Detection Technologies, Technical Report, CMU/SEI-99-TR-028, 2000.
2. R. Bace, P. Mell, Intrusion Detection Systems, NIST Special Publications SP 800-31, November, 2001.
3. Chih-Chung Chang, Chih-Jen Lin, LIBSVM: a library for support vector machines, 2001. Software Available from: .
4. N. Cristianini, and J. Shawe-Taylor An Introduction To Support Vector Machines 2000 Cambridge University Press
5. R.O. Duda, P. Hart, and D. Stork Pattern Classification 2001 John Wiley and Sons, Inc. New York
6. D.E. Denning An intrusion detection model IEEE Transactions on Software Engineering SE-13 1987 222 232
7. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, S. Stolfo, A Geometric Framework for Unsupervised Anomaly Detection: Intrusion Detection in Unlabeled Data, in Applications of Data Mining in Computer Security, 2002.
8. Y. Guan, A. Ghorbani and N. Belacel, Y-means: A clustering method for intrusion detection, in: IEEE Canadian Conference on Electrical and Computer Engineering, Proceedings, 2003.
9. P. Laskov, C. Schäfer, & I. Kotenko, Intrusion detection in unlabeled data with quarter-sphere support vector machines, in: Proc. DIMVA, 2004 pp. 71-82.
10. .
11. .
12. .
13. .
14. .
15. K. Leung, C. Leckie, Unsupervised anomaly detection in network intrusion detection using clusters, in: ACSC2005, 2005.
16. K.L. Li, H.K. Huang, S.F. Tian, W. Xu, Improving one-class SVM for anomaly detection, in: International Conference on Machine Learning and Cybernetics, Vol. 5, 2003, pp. 3077-3081.
17. S. Mukkamala, and A.H. Sung Identifying significant features for network forensic analysis using artificial intelligent techniques International Journal of Digital Evidence 1 4 2003
18. L. Portnoy, E. Eskin and S. Stolfo, Intrusion detection with unlabeled data using clustering", in: Proceedings of ACM CSS Workshop on Data Mining Applied to Security, 2001.
19. Jungsuk Song, Hiroki Takakura, Yasuo Okabe, and Yongjin Kwon Unsupervised Anomaly Detection Based on Clustering and Multiple One-class SVM IEICE Transactions on Communications E92-B 06 2009 1981 1990
20. Jungsuk Song, Hiroki Takakura, and Yasuo Okabe Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes WOMBAT Workshop on Information Security Threat Data Exchange (WISTDE 2008) 2008 The IEEE CS Press, April
21. Jungsuk Song, Kenji Ohira, Hiroki Takakura, Yasuo Okabe, and Yongjin Kwon A clustering method for improving performance of anomaly-based Intrusion Detection System IEICE Transactions on Information and Communication System Security E91-D 5 2008 1282 1291
22. Symantec Network Security 7100 Series. http://www.symantec.com/press/ 2004/no40726.html.
23. The third international knowledge discovery and data mining tools competition dataset KDD99-Cup , 1999.
24. K. Julisch Clustering intrusion detection alarms to support root cause analysis ACM Transactions on Information and System Security Vol. 6 2003 ACM Press 443 471 (4)
25. C. Clifton, G. Gengo, Developing custom intrusion detection filters using data mining, 21st Century Military Communications Conference Proceedings(MILCOM2000), vol. 1, pp. 440-443, Los Angeles, California, USA, 2000.
26. Dong Yu, Deborah Frincke, A novel framework for alert correlation and understanding, in: ACNS 2004, LNCS 3089, 2004, pp. 452-466.
27. T. Pietraszek, Using adaptive alert classification to reduce false positives in intrusion detection, in: Proc. of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID '04),Sept. 2004, pp.102-124.
28. Giorgio Giacinto, Roberto Perdisci, Fabio Roli, Alarm clustering for intrusion detection systems in computer networks, in: MLDM 2005, LNAI 3587, 2005, pp. 184-193.
29. S. Al-Mamory, and H. Zhang Intrusion detection alarms reduction using root cause analysis and clustering ACM Computer Communications 32 2 2009 419 430
30. Dominik Fisch, Alexander Hofmann, and Bernhard Sick On the versatility of radial basis function neural networks: A case study in the field of intrusion detection Information Sciences 180 12 2010 2421 2439