WANG Fei, QIAN Yuwen, WANG Zhiquan. An Abnormal Detection Model Based on Hybrid Clustering and Self Organizing Map[J]. INFORMATION AND CONTROL, 2010, 39(2): 136-141.

An Abnormal Detection Model Based on Hybrid Clustering and Self Organizing Map

More Information
  • Received Date: April 01, 2009
  • Revised Date: November 03, 2009
  • Published Date: April 19, 2010
  • In view of the lack of information about anomalous connections in anomaly detection approaches, an anomaly detection model based on hybrid clustering and self organizing map (SOM) is proposed. First, a clustering algorithm is proposed to detect anomalous connections; the SOM is then applied to classify the pre-detected anomalous connections, through which high-level information about the anomalous connections is acquired. Finally, experimental data are used for simulation. The experimental results show that the model is effective: it can classify the detected anomalous connections and give more information about each connection from the category to which it belongs. The model detects and classifies with high efficiency and a low false rate.
