Threshold-based Clustering for Intrusion Detection Systems

Nikulin, V. (2006). Threshold-based Clustering for Intrusion Detection Systems. In: Belur V. Dasarathy, Proceedings of SPIE: Data Mining, Intrusion Detection, Information Assurance, and Networks Security 2006. Data Mining, Intrusion Detection, Information Assurance, and Networks Security 2006, Orlando, Florida, USA, (62410E-1-62410E-12). 17-18 April 2006. doi:10.1117/12.665326

Attached Files
Name Description MIMEType Size Downloads
UQ207784_OA.pdf Full text (open access) application/pdf 176.12KB 0

Author: Nikulin, V.
Title of paper: Threshold-based Clustering for Intrusion Detection Systems
Conference name: Data Mining, Intrusion Detection, Information Assurance, and Networks Security 2006
Conference location: Orlando, Florida, USA
Conference dates: 17-18 April 2006
Proceedings title: Proceedings of SPIE: Data Mining, Intrusion Detection, Information Assurance, and Networks Security 2006
Journal name: Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006
Place of Publication: Bellingham, WA
Publisher: International Society for Optical Engineering (SPIE)
Publication Year: 2006
Sub-type: Fully published paper
DOI: 10.1117/12.665326
Open Access Status: File (Publisher version)
ISBN: 0819462977; 9780819476104
ISSN: 0277-786X
Editor: Belur V. Dasarathy
Volume: 6241
Start page: 62410E-1
End page: 62410E-12
Total pages: 12
Language: eng
Abstract/Summary: Signature-based intrusion detection systems look for known, suspicious patterns in the input data. In this paper we explore compression of labeled empirical data using threshold-based clustering with regularization. The main target of clustering is to compress training dataset to the limited number of signatures, and to minimize the number of comparisons that are necessary to determine the status of the input event as a result. Essentially, the process of clustering includes merging of the clusters which are close enough. As a consequence, we will reduce original dataset to the limited number of labeled centroids. In a complex with k-nearest-neighbor (kNN) method, this set of centroids may be used as a multi-class classifier. Clearly, different attributes have different importance depending on the particular training database. This importance may be regulated in the definition of the distance using linear weight coefficients. The paper introduces special procedure to estimate above weight coefficients. The experiments on the KDD-99 intrusion detection dataset have confirmed effectiveness of the proposed methods. ©2006 COPYRIGHT SPIE--The International Society for Optical Engineering. Downloading of the abstract is permitted for personal use only.
Subjects: 080109 Pattern Recognition and Data Mining
Keyword: distance-based clustering; k-nearest-neighbor method; intrusion detection
Q-Index Code: EX
Additional Notes: Also published as: V. Nikulin, Threshold-based clustering with merging and regularization in application to network intrusion detection, Computational Statistics & Data Analysis, Volume 51, Issue 2, 15 November 2006, Pages 1184-1196, ISSN 0167-9473, DOI: 10.1016/j.csda.2005.11.015. (http://www.sciencedirect.com/science/article/B6V8V-4HSY3CG-1/2/0bb7e0b95b05da059980e862c3200e02) Keywords: Distance-based clustering; k-nearest-neighbor method; Intrusion detection.
ScopusID: 2-s2.0-33750319953

Document type: Conference Paper
Collection: School of Mathematics and Physics
 
Citation counts: TR Web of Science Citation Count  Cited 0 times in Thomson Reuters Web of Science Article
Scopus Citation Count Cited 0 times in Scopus Article
Created: Thu, 15 Jul 2010, 12:19:22 EST by Thelma Whitbourne on behalf of Faculty of Science