Abstract
A new approach to detect anomalous behaviors in network traffic is presented. The network connection records were mapped into different feature spaces according to their protocols and services. Then performed clustering to group training data points into clusters, from which some clusters were selected as normal and known-attack profile. For those training data excluded from the profile, we used them to build a specific classifier. The classifier has two distinct characteristics: one is that it regards each data point in the feature space with the limited influence scope, which is served as the decisive bounds of the classifier, and the other is that it has the "default" label to recognize those novel attacks. The new method was tested on the KDD Cup 1999 data. Experimental results show that it is superior to other data mining based approaches in detection performance, especially in detection of PROBE and U2R attacks. © Springer-Verlag Berlin Heidelberg 2007.
Cite
CITATION STYLE
Yang, H., Xie, F., & Lu, Y. (2007). Network anomalous attack detection based on clustering and classifier. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4456 LNAI, pp. 672–682). Springer Verlag. https://doi.org/10.1007/978-3-540-74377-4_70
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
