A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection

Weller-Fahy, David J.; Borghetti, Brett J.; Sodemann, Angela A.

doi:10.1109/comst.2014.2336610

Cited by 191 publications

(81 citation statements)

References 107 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Existing intrusion detection and prevention models generally use statistical approaches [15] such as Hidden Markov Model (HMM) [15], Bayes theory [16], cluster analysis [17], signal processing [18] and distance measuring [19] to detect anomalous activities. Anomaly detection approaches can be broadly categorized into supervised and unsupervised learning [6].…”

Section: Related Workmentioning

confidence: 99%

A Two-Layer Dimension Reduction and Two-Tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks

Pajouh

Javidan

Khayami

et al. 2019

IEEE Trans. Emerg. Topics Comput.

350

157

View full text Add to dashboard Cite

Abstract-With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model is using component analysis and linear discriminate analysis of dimension reduction module to spate the high dimensional dataset to a lower one with lesser features. We then apply a two-tier classification module utilizing Naïve Bayes and Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. The experiment results using NSL-KDD dataset shows that our model outperforms previous models designed to detect U2R and R2L attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

A Two-Layer Dimension Reduction and Two-Tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks

Pajouh

Javidan

Khayami

et al. 2019

IEEE Trans. Emerg. Topics Comput.

350

157

View full text Add to dashboard Cite

show abstract

“…where U is the (c × n) partition matrix, V = {v 1 , v 2 , ..., v c } is the vector of c cluster centers (prototypes) in d , m > 1 is the fuzzification constant, and ||.|| A is any inner product A-induced norm [18], i.e., ||X|| A = √ X T AX or the distance function such as Minkowski distance, presented by Eq. (5).…”

Section: Arxiv:190203127v1 [Cslg] 8 Feb 2019mentioning

confidence: 99%

Bounded Fuzzy Possibilistic Method

Yazdani

2020

Fuzzy Sets and Systems

View full text Add to dashboard Cite

This paper introduces Bounded Fuzzy Possibilistic Method (BFPM) by addressing several issues that previous clustering/classification methods have not considered. In fuzzy clustering, object's membership values should sum to 1. Hence, any object may obtain full membership in at most one cluster. Possibilistic clustering methods remove this restriction. However, BFPM differs from previous fuzzy and possibilistic clustering approaches by allowing the membership function to take larger values with respect to all clusters. Furthermore, in BFPM, a data object can have full membership in multiple clusters or even in all clusters. BFPM relaxes the boundary conditions (restrictions) in membership assignment. The proposed methodology satisfies the necessity of obtaining full memberships and overcomes the issues with conventional methods on dealing with overlapping. Analysing the objects' movements from their own cluster to another (mutation) is also proposed in this paper. BFPM has been applied in different domains in geometry, set theory, anomaly detection, risk management, diagnosis diseases, and other disciplines. Validity and comparison indexes have been also used to evaluate the accuracy of BFPM. BFPM has been evaluated in terms of accuracy, fuzzification constant (different norms), object's movement analysis, and covering diversity. The promising results prove the importance of considering the proposed methodology in learning methods to track the behaviour of data objects, in addition to obtain accurate results.

show abstract

“…This is a new metric which is designed to identify the connection between similarity of suspicious activities of a mobile client and other mobile devices in a network. The Pearson product correlation shown in formula 5 is selected to implement the proposed correlation index as it is commonly used in linear regression [27]. Similar to the HIS and VSI explained in the previous section, the correlation index is a retrospective metric.…”

Section: Correlation Indexmentioning

confidence: 99%