Title
Intrusion detection based on clustering a data stream
Abstract
In anomaly intrusion detection, how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior as a profile, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes a new clustering algorithm, which continuously models a data stream. A set of features is used to represent the characteristics of an activity. For each feature, the clusters of feature values corresponding to activities observed so far in an audit data stream are identified by the proposed clustering algorithm for data streams. As a result, without maintaining any historical activity of a user physically, new activities of the user can be continuously reflected to the on-going result of clustering.
Year
2005
DOI
10.1109/SERA.2005.49
Venue
SERA
Keywords
proposed clustering algorithm, static behavior, intrusion detection, new clustering algorithm, pattern clustering, continuous activity, audit data set, audit data stream, data mining techniques, anomaly intrusion detection, data stream clustering, normal behavior, data mining, conventional data mining technique, audit data, finite audit data, data stream, security of data
Field
Data mining, Anomaly detection, Data stream mining, Audit, Data stream clustering, Computer science, Data stream, Anomaly-based intrusion detection system, Cluster analysis, Intrusion detection system
DocType
Conference
ISBN
0-7695-2297-1
Citations
12
PageRank
1.08
References
10
Authors
5
Name
Order
Citations
PageRank
Sang-Hyun Oh1202.93
Jin-Suk Kang24415.03
Yung-Cheol Byun35712.48
Gyung-Leen Park439968.77
Sang-Yong Byun5183.52