Weighted threshold-based clustering for intrusion detection systems

Nikulin, Vladimir (2006) Weighted threshold-based clustering for intrusion detection systems. International Journal of Computational Intelligence & Application, 6 1: 1-19. doi:10.1142/S1469026806001770


Author Nikulin, Vladimir
Title Weighted threshold-based clustering for intrusion detection systems
Journal name International Journal of Computational Intelligence & Application
ISSN 1469-0268
Publication date 2006-03
Sub-type Article (original research)
DOI 10.1142/S1469026806001770
Volume 6
Issue 1
Start page 1
End page 19
Total pages 19
Place of publication London, England
Publisher Imperial College Press
Language eng
Subject 01 Mathematical Sciences
0103 Numerical and Computational Mathematics
Abstract Signature-based intrusion detection systems look for known, suspicious patterns in the input data. In this paper we explore compression of labeled empirical data using threshold-based clustering with regularization. The aim of the clustering is to compress the training dataset to a limited number of signatures and, as a result, to minimize the number of comparisons needed to determine the status of an input event. Essentially, the clustering process merges clusters that are close enough, reducing the original dataset to a limited number of labeled centroids. Combined with the k-nearest-neighbor (kNN) method, this set of centroids can be used as a multi-class classifier. Clearly, different attributes have different importance depending on the particular training database and the given cost matrix. This importance can be regulated in the definition of the distance through linear weight coefficients. The paper introduces a procedure for estimating these weight coefficients. Experiments on the KDD-99 intrusion detection dataset confirm the effectiveness of the proposed methods.
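The pipeline the abstract describes (single-pass threshold clustering into labeled centroids, a merge pass over centroids that are close enough, then kNN over the centroids with a linearly weighted distance) as an added example. This is illustrative code written for this page, not the paper's implementation: the paper's regularization and its weight-estimation procedure are not reproduced, the attribute weights are hand-picked constants standing in for the estimated coefficients, and the training records are constructed toy data with an assumed attribute order, not KDD-99 rows.

```python
"""Added example: compress a labeled training set into centroids with
threshold-based clustering, then classify with kNN over the centroids using a
weighted Euclidean distance. Illustrative code, not the paper's implementation."""
import math
from collections import Counter

# Constructed toy records (label, attributes). Attribute order assumed:
# [duration_s, bytes_sent, connections_to_host] -- a stand-in for KDD-99 fields.
TRAINING = [
    ("normal", [1.0, 200.0, 2.0]),
    ("normal", [2.0, 240.0, 3.0]),
    ("normal", [1.5, 210.0, 2.0]),
    ("normal", [30.0, 5000.0, 1.0]),   # long, large transfer; still normal
    ("dos",    [0.0, 0.0, 500.0]),
    ("dos",    [0.0, 0.0, 490.0]),
    ("dos",    [0.0, 0.0, 510.0]),
    ("probe",  [0.0, 20.0, 60.0]),
    ("probe",  [0.0, 30.0, 55.0]),
]

# Linear attribute weights. The paper estimates these from the training data and
# the cost matrix; that procedure is not on the page, so hand-picked constants are
# assumed here purely so raw magnitudes (bytes vs. seconds) do not dominate.
WEIGHTS = [1.0, 1e-4, 1e-2]


def weighted_distance(x, y, w=WEIGHTS):
    """sqrt(sum_i w_i * (x_i - y_i)^2): Euclidean distance with per-attribute weights."""
    return math.sqrt(sum(wi * (xi - yi) ** 2 for wi, xi, yi in zip(w, x, y)))


def _merge_into(c, point, count):
    """Fold `count` points located at `point` into centroid `c` (running mean)."""
    n = c["n"] + count
    c["center"] = [(ci * c["n"] + pi * count) / n for ci, pi in zip(c["center"], point)]
    c["n"] = n


def compress(records, threshold, w=WEIGHTS):
    """One pass over the data: a record joins the nearest centroid of its own label
    if that centroid lies within `threshold`, otherwise it seeds a new centroid."""
    centroids = []
    for label, x in records:
        same = [c for c in centroids if c["label"] == label]
        nearest = min(same, key=lambda c: weighted_distance(x, c["center"], w), default=None)
        if nearest is not None and weighted_distance(x, nearest["center"], w) <= threshold:
            _merge_into(nearest, x, 1)
        else:
            centroids.append({"label": label, "center": list(x), "n": 1})
    return centroids


def merge_close(centroids, threshold, w=WEIGHTS):
    """Repeatedly merge any two same-label centroids that lie within `threshold`."""
    changed = True
    while changed:
        changed = False
        for i, a in enumerate(centroids):
            for j in range(i + 1, len(centroids)):
                b = centroids[j]
                if a["label"] == b["label"] and weighted_distance(a["center"], b["center"], w) <= threshold:
                    _merge_into(a, b["center"], b["n"])
                    del centroids[j]      # restart the scan after a structural change
                    changed = True
                    break
            if changed:
                break
    return centroids


def knn_classify(x, centroids, k=1, w=WEIGHTS):
    """Majority label among the k centroids nearest to x. The cost per event is
    len(centroids) distance computations, not the size of the original dataset."""
    nearest = sorted(centroids, key=lambda c: weighted_distance(x, c["center"], w))[:k]
    return Counter(c["label"] for c in nearest).most_common(1)[0][0]


def training_accuracy(records, centroids, k=1, w=WEIGHTS):
    """Fraction of records whose label the centroid classifier reproduces."""
    hits = sum(knn_classify(x, centroids, k, w) == label for label, x in records)
    return hits / len(records)


if __name__ == "__main__":
    signatures = merge_close(compress(TRAINING, 2.0), 2.0)
    print(f"{len(TRAINING)} records -> {len(signatures)} labeled centroids")
    for c in signatures:
        print(c["label"], [round(v, 2) for v in c["center"]], "n =", c["n"])
    print("accuracy on training data:", training_accuracy(TRAINING, signatures))
```

With the toy data and a threshold of 2.0 the nine records collapse to four labeled centroids (the long "normal" transfer stays a singleton because it is far from the other normal traffic), and every training record is still classified correctly with k = 1. Lowering the threshold to 0 keeps every record as its own signature; raising it far enough leaves one centroid per label, which shows the trade-off the abstract refers to between the number of comparisons and the fidelity of the compressed set.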
Keyword Distance-based clustering
intrusion detection
k-nearest-neighbor method
Q-Index Code C1
Q-Index Status Provisional Code
Institutional Status Non-UQ

Document type: Journal Article
Sub-type: Article (original research)
Collections: Excellence in Research Australia (ERA) - Collection
School of Mathematics and Physics
Created: Thu, 24 Dec 2009, 14:24:27 EST by Maria Campbell on behalf of Faculty of Science