

Threshold-based clustering with merging and regularization in application to network intrusion detection
Authors: V Nikulin
Affiliation: Computer Sciences Laboratory, RSISE, Australian National University, Canberra, Australia
Abstract: Signature-based intrusion detection systems look for known, suspicious patterns in the input data. In this paper we explore compression of labeled empirical data using threshold-based clustering with regularization. The main goal of clustering is to compress the training dataset to a limited number of signatures and, as a result, to minimize the number of comparisons needed to determine the status of an input event. Essentially, the clustering process includes merging clusters that are close enough. As a consequence, the original dataset is reduced to a limited number of labeled centroids. In combination with the k-nearest-neighbor (kNN) method, this set of centroids may be used as a multi-class classifier. Experiments on the KDD-99 intrusion detection dataset have confirmed the effectiveness of the above procedure.
Keywords: Distance-based clustering; k-nearest-neighbor method; Intrusion detection
This article is indexed in ScienceDirect and other databases.