CluSID: a clustering scheme for intrusion detection improved by information theory

3 Author(s)
Shokri, R. ; Dept. of ECE, Tehran Univ., Iran ; Oroumchian, F. ; Yazdani, N.

Security is a big issue for all networks in any enterprise environment. Many solutions have been proposed to secure the network infrastructure and communication over the Internet. Intrusion detection systems (IDSs) employ many different techniques, such as data mining approaches, to maximize the detection rate of intrusions while reducing the false alarm rate. For instance, many clustering techniques are recommended which segregate normal and abnormal data in IDSs. Clustering methods put emphasis on finding differences and similarities between traffic sessions in order to categorize each one into its corresponding group. These groups are represented by their assigned labels. Later, these labels are used to predict the type of the incoming network traffic. In this paper, we propose a clustering scheme for use in intrusion detection systems, named CluSID. The major contribution of CluSID is using information theory to take full advantage of clustering techniques. The main logic behind CluSID is to use non-uniform gain functions for network traffic features in order to improve the accuracy of the clustering process. To this end, we apply information theory concepts to move the centers of clusters to the most important areas in the domain of the selected features. The results clearly show a rise in the detection rate of CluSID in most of the attack categories in comparison to the KDD CUP'99 Winner and simple clustering methods. The increase in the detection rate of the proposed system is about 25 percent.

Published in:

2005 13th IEEE International Conference on Networks, jointly held with the 2005 IEEE 7th Malaysia International Conference on Communication (Volume 1)

Date of Conference:

16-18 Nov. 2005