Abstract
This paper discusses an unsupervised clustering-based intrusion detection algorithm. The basic idea of the algorithm is to produce clusters by comparing distances among the unlabeled training data. Once the data instances are clustered, anomalous clusters can be easily identified by the normal cluster ratio, and the identified clusters can then be used for detection on real data. The benefit of the algorithm is that it does not need labeled training data sets. Experiments using the KDD99 data sets show that this approach can efficiently detect unknown intrusions in real network connections.
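The following is an added sketch of the approach the abstract outlines, not the authors' code: distance-based clustering of unlabeled data, labelling clusters by a normal cluster ratio, then classifying new connections by their nearest cluster. The fixed cluster width, the running-mean centroid, the reading of "normal cluster ratio" as the share of largest clusters treated as normal, and the two-feature training data are all assumptions made for illustration.

```python
import math

def cluster(instances, width):
    """Single pass: join the nearest cluster within `width`, else start a new one."""
    clusters = []  # each cluster: {"centroid": tuple, "members": list}
    for x in instances:
        best = min(clusters, key=lambda c: math.dist(x, c["centroid"]), default=None)
        if best is not None and math.dist(x, best["centroid"]) <= width:
            best["members"].append(x)
            n = len(best["members"])
            # Running mean keeps the centroid at the centre of its members.
            best["centroid"] = tuple(m + (v - m) / n
                                     for m, v in zip(best["centroid"], x))
        else:
            clusters.append({"centroid": tuple(x), "members": [x]})
    return clusters

def label_clusters(clusters, normal_ratio):
    """Assumed rule: the largest `normal_ratio` share of clusters is normal,
    on the premise that intrusions are rare in the training traffic."""
    ranked = sorted(clusters, key=lambda c: len(c["members"]), reverse=True)
    n_normal = max(1, math.ceil(normal_ratio * len(ranked)))
    for i, c in enumerate(ranked):
        c["label"] = "normal" if i < n_normal else "anomaly"
    return ranked

def detect(x, clusters):
    """Classify a new instance by the label of its nearest cluster."""
    return min(clusters, key=lambda c: math.dist(x, c["centroid"]))["label"]

# Constructed, unlabeled training data: two features already scaled to [0, 1]
# (think of them as normalised duration and byte count). Not KDD99 records.
TRAIN = (
    [(0.10 + 0.01 * i, 0.10 + 0.005 * i) for i in range(20)]  # bulk traffic
    + [(0.50 + 0.01 * i, 0.40) for i in range(10)]            # second common pattern
    + [(0.90, 0.95), (0.92, 0.97), (0.91, 0.96)]              # rare pattern
    + [(0.05, 0.90)]                                          # lone outlier
)

if __name__ == "__main__":
    model = label_clusters(cluster(TRAIN, width=0.2), normal_ratio=0.5)
    for c in model:
        print(len(c["members"]), c["label"], [round(v, 3) for v in c["centroid"]])
    for probe in [(0.12, 0.11), (0.55, 0.41), (0.93, 0.94)]:
        print(probe, "->", detect(probe, model))
```

Both the width and the ratio are tuning parameters here: a width that is too large merges rare traffic into the bulk clusters, and the size-based labelling fails if intrusions dominate the training data.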
Additional information
Foundation item: Supported by the National Natural Science Foundation of China (90104005, 90204011)
Biography: Luo Min (1974-), male, Ph.D. candidate, research direction: network security.
About this article
Cite this article
Min, L., Huan-guo, Z. & Li-na, W. Research and implementation of unsupervised clustering-based intrusion detection. Wuhan Univ. J. of Nat. Sci. 8, 803–807 (2003). https://doi.org/10.1007/BF02900819
DOI: https://doi.org/10.1007/BF02900819