Computer Science, 2017, Vol. 44, Issue (5): 116-119. doi: 10.11896/j.issn.1002-137X.2017.05.021


Research on Application of Outlier Mining Based on Hybrid Clustering Algorithm in Anomaly Detection

YIN Na and ZHANG Lin   

  • Online: 2018-11-13  Published: 2018-11-13

Abstract: To improve the detection rate of anomaly detection systems, reduce the false alarm rate, and solve the problems existing in current anomaly detection, outlier mining techniques were applied to anomaly detection, and this paper presents a network anomaly detection method based on a hybrid clustering algorithm (NADHC). In this method, a distance-based clustering algorithm is combined with a density-based clustering algorithm to form a new hybrid clustering algorithm. The method uses the k-medoids algorithm to find the cluster centers. Next, NADHC removes a small number of attack behavior samples that have obvious characteristics of high concealment, then calculates the degree of abnormality by repeatedly adding samples, combined with a density-based clustering method, to determine abnormal behavior. The NADHC algorithm was validated on the KDD CUP 99 dataset. The experimental results show its feasibility and effectiveness.

Key words: Anomaly detection, Outlier mining, NADHC

