Journal of Tsinghua University (Science and Technology), 2018, Vol. 58, Issue 2: 137-142. DOI: 10.16511/j.cnki.qhdxxb.2018.26.005
COMPUTER SCIENCE AND TECHNOLOGY
K-means based feature reduction for network anomaly detection
JIA Fan1, YAN Yan2, ZHANG Jiaqi1
1. Key Laboratory of Communication & Information Systems of Beijing, Beijing Jiaotong University, Beijing 100044, China;
2. China Information Security Certification Center, Beijing 100020, China
Abstract: Although the basic K-means algorithm has been used for anomaly detection on the KDD 99 attack dataset, its accuracy and efficiency in detecting rare attacks need to be improved. Rare attacks, which are usually greater threats, are easily hidden by common threats, so they can be identified more easily once the common attacks are removed. Based on this finding, an improved hierarchical iterative K-means method was developed to detect all kinds of anomalies, using correlation-based feature reduction to decrease the classification dimensions. The algorithm is able to detect almost every rare attack with a 99% successful classification rate and achieves nearly real-time detection with 90% less computation on the KDD 99 data compared with the basic K-means algorithm.
Keywords: anomaly detection; K-means; feature reduction; U2R; R2L
ZTFLH:  O242.21  
Issue Date: 15 February 2018
Cite this article:   
JIA Fan,YAN Yan,ZHANG Jiaqi. K-means based feature reduction for network anomaly detection[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 137-142.
URL: http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.26.005 OR http://jst.tsinghuajournals.com/EN/Y2018/V58/I2/137