A grid-based clustering for low-overhead anomaly intrusion detection

3 Author(s)
Zhong, Y. ; Grad. Sch. of Inf. Sci., Nagoya Univ., Chikusa, Japan ; Yamaki, H. ; Takakura, H.

To defend a network system from security risks, intrusion detection systems (IDSs) have been playing an important role in recent years. IDSs use two types of detection algorithms: misuse detection and anomaly detection. Because misuse detection is based on signatures that security experts create from the features of attack traffic, it can achieve accurate and stable detection. However, its weaknesses are the difficulty of detecting new attacks (i.e., 0-day attacks) and the cost of maintaining the latest signature version. Given the increase in skillful intrusions, e.g., intrusions showing access behavior similar to normal traffic, misuse detection cannot handle these critical attacks, which results in a large number of false alarms. To cope with these problems, we present a clustering algorithm based on unsupervised anomaly detection. We evaluated our system using the Kyoto2006+ data set and the KDD Cup 1999 data set. Evaluation results show that our approach achieved a higher detection rate in the region of very low false positive rate, as well as real-time preprocessing capability.

Published in:

Network and System Security (NSS), 2011 5th International Conference on

Date of Conference:

6-8 Sept. 2011