Abstract | ||
---|---|---|
Signature-based intrusion detection systems look for known, suspicious patterns in the input data. In this paper we explore compression of labeled empirical data using threshold-based clustering with regularization. The main target of clustering is to compress training dataset to the limited number of signatures, and to minimize the number of comparisons that are necessary to determine the status of the input event as a result. Essentially, the process of clustering includes merging of the clusters which are close enough. As a consequence, we will reduce original dataset to the limited number of labeled centroids. In a complex with k-nearest-neighbor (kNN) method, this set of centroids may be used as a multi-class classifier. Clearly, different attributes have different importance depending on the particular training database and given cost matrix. This importance may be regulated in the definition of the distance using linear weight coefficients. The paper introduces special procedure to estimate above weight coefficients. The experiments on the KDD-99 intrusion detection dataset have confirmed the effectiveness of the proposed methods. |
Year | DOI | Venue |
---|---|---|
2006 | 10.1142/S1469026806001770 | INTERNATIONAL JOURNAL OF COMPUTATIONAL INTELLIGENCE AND APPLICATIONS |
Keywords | Field | DocType |
Distance-based clustering, k-nearest-neighbor method, intrusion detection | Fuzzy clustering,Data mining,CURE data clustering algorithm,Computer science,Artificial intelligence,Cluster analysis,Single-linkage clustering,k-medians clustering,Clustering high-dimensional data,Data stream clustering,Pattern recognition,Correlation clustering,Machine learning | Journal |
Volume | Issue | ISSN |
6 | 1 | 1469-0268 |
Citations | PageRank | References |
3 | 0.40 | 19 |
Authors | ||
1 |
Name | Order | Citations | PageRank |
---|---|---|---|
Vladimir Nikulin | 1 | 99 | 17.28 |