Y-means: A Clustering Method for Intrusion Detection

Type: Article
Conference: Canadian Conference on Electrical and Computer Engineering, May 3-4, 2003, Montréal, Québec, Canada
Subject: clustering; intrusion detection; K-means; outlier
Abstract: As the Internet spreads to each corner of the world, computers are exposed to miscellaneous intrusions from the World Wide Web. We need effective intrusion detection systems to protect our computers from these unauthorized or malicious actions. Traditional instance-based learning methods for Intrusion Detection can only detect known intrusions since these methods classify instances based on what they have learned. They rarely detect the intrusions that they have not learned before. In this paper, we present a clustering heuristic for intrusion detection, called Y-means. This proposed heuristic is based on the K-means algorithm and other related clustering algorithms. It overcomes two shortcomings of K-means: number of clusters dependency and degeneracy. The result of simulations run on the KDD-99 data set shows that Y-means is an effective method for partitioning large data space. A detection rate of 89.89% and a false alarm rate of 1.00% are achieved with Y-means.
Language: English
Affiliation: NRC Institute for Information Technology; National Research Council Canada
Peer reviewed: No
NRC number: 45842
NPARC number: 8913828
Record identifier: 18efc855-5f13-4a7c-90ee-852e9c51c782
Record created: 2009-04-22
Record modified: 2016-05-09