An Unsupervised Clustering Algorithm for Intrusion Detection

Type: Article
Conference: Advances in Artificial Intelligence, The 16th Conference of the Canadian Society for Computational Studies of Intelligence (AI 2003), June 11-13, 2003, Halifax, Nova Scotia, Canada
Abstract: As the Internet spreads to each corner of the world, computers are exposed to miscellaneous intrusions from the World Wide Web. Thus, we need effective intrusion detection systems to protect our computers from the intrusions. Traditional instance-based learning methods can only be used to detect known intrusions since these methods classify instances based on what they have learned. They rarely detect new intrusions since these intrusion classes have not been learned before. We expect an unsupervised algorithm to be able to detect new intrusions as well as known intrusions.

In this paper, we propose a clustering algorithm for intrusion detection, called Y-means. This algorithm is developed based on the H-means+ algorithm [2] (an improved version of the K-means algorithm [1]) and other related clustering algorithms of K-means. Y-means is able to automatically partition a data set into a reasonable number of clusters so as to classify the instances into 'normal' clusters and 'abnormal' clusters. It overcomes two shortcomings of K-means: degeneracy and dependency on the number of clusters.

The results of simulations run on the KDD-99 data set [3] show that Y-means is an effective method for partitioning a large data set. An 89.89% detection rate and a 1.00% false alarm rate were achieved with the Y-means algorithm.
Language: English
Affiliation: NRC Institute for Information Technology; National Research Council Canada
Peer reviewed: No
NRC number: 45843
NPARC number: 5764311
Record identifier: 2820b823-8731-4927-a235-4050e28fe6bf
Record created: 2009-03-29
Record modified: 2016-05-09