Unsupervised Clustering Approach for Network Anomaly Detection

Syarif, Iwan; Prügel-Bennett, Adam; Wills, Gary

doi:10.1007/978-3-642-30507-8_13

Cited by 144 publications

(76 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In several review papers [26][27][28][29][30][31][32] various network anomaly detection methods have been summarized. From aforementioned surveys one can find that the most effective methods of network anomaly detection are Principle Component Analysis [33][34][35], Wavelet analysis [36][37][38], Markovian models [39,40], Clustering [41][42][43], Histograms [44,45], Sketches [46,47], and Entropies [8,15,48].…”

Section: General Overview Of Network Anomaly Techniquesmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

163

View full text Add to dashboard Cite

Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection.The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

show abstract

Section: General Overview Of Network Anomaly Techniquesmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

163

View full text Add to dashboard Cite

show abstract

“…[30] achieved 99.63% detection rate and the false alarm rate is 0.34%. Iwan Syarif et al [42] has achieved detection rate is 99.56% and the false alarm rate of 0.40% in the year 2012. …”

Section: Comprehensive Analysis and Discussionmentioning

confidence: 99%

“…In the very next year in 2012, Iwan Syarif et al [42] have illustrated the compensation of utilizing the variance detection approach over the mishandling detection technique in detecting unknown network intrusions or attacks. When applied to anomaly detection it also examined the presentation of different grouping algorithms.…”

Section: International Journal Of Computer Applications (0975 -8887) mentioning

confidence: 99%

A Literature Survey and Comprehensive Study of Intrusion Detection

KumarJonnalagadda¹,

Reddy²

2013

IJCA

View full text Add to dashboard Cite

With the rapid expansion of computer usage and computer network the security of the computer system has became very important. Every day new kind of attacks are being faced by industries. As the threat becomes a serious matter year by year, intrusion detection technologies are indispensable for network and computer security. A variety of intrusion detection approaches be present to resolve this severe issue but the main problem is performance. It is important to increase the detection rates and reduce false alarm rates in the area of intrusion detection. In order to detect the intrusion, various approaches have been developed and proposed over the last decade. In this paper, a detailed survey of intrusion detection based various techniques has been presented. Here, the techniques are classified as follows: i) papers related to Neural network ii) papers related to Support vector machine iii) papers related to K-means classifier iv) papers related to hybrid technique and v) paper related to other detection techniques. For comprehensive analysis, detection rate, time and false alarm rate from various research papers have been taken.

show abstract

“…The idea behind this technique is that the amount of normal connection data is usually overwhelmingly larger than that of intrusions [5]. Whenever this assumption holds, the anomalies and attacks can be detected based on cluster sizes, i.e, large clusters correspond to normal data, and the rest of the data points, which are outliers, correspond to attacks [19].…”

Section: The Clustering Algorithm Ad-clustmentioning

confidence: 99%

“…Moreover, the number of clusters dependency and the degeneracy constitute the drawbacks that hamper the use of K-means for anomaly detection [15]. In this respect, the AD-Clust algorithm combines two prominent categories of clustering, namely: distance-based [19] as well as density-based [8]. It exploits the advantages of the one to palliate the limitations of the other and vice versa.…”

Section: The Clustering Algorithm Ad-clustmentioning

confidence: 99%