Network anomalous attack detection based on clustering and classifier

Abstract

A new approach to detecting anomalous behaviors in network traffic is presented. The network connection records were mapped into different feature spaces according to their protocols and services. Clustering was then performed to group the training data points into clusters, from which some clusters were selected as the normal and known-attack profile. The training data excluded from the profile were used to build a specific classifier. The classifier has two distinct characteristics: first, it regards each data point in the feature space as having a limited scope of influence, which serves as the decisive bounds of the classifier; second, it has a "default" label to recognize novel attacks. The new method was tested on the KDD Cup 1999 data. Experimental results show that it is superior to other data-mining-based approaches in detection performance, especially in the detection of PROBE and U2R attacks. © Springer-Verlag Berlin Heidelberg 2007.

Cite

Yang, H., Xie, F., & Lu, Y. (2007). Network anomalous attack detection based on clustering and classifier. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4456 LNAI, pp. 672–682). Springer Verlag. https://doi.org/10.1007/978-3-540-74377-4_70
