Anomaly Detection in Computer Networks Using Dissimilarity-Based One-Class Classifiers

Author

Ma, Jun ; Dai, Guanzhong

Author_Institution

Northwestern Polytech. Univ., Xian

Volume

2

fYear

2008

Firstpage

14

Lastpage

18

Abstract

Anomaly detection in computer networks tries to detect traffic deviation from the normal model. Traditionally, feature-based one-class classifiers are the main components of anomaly detection systems. The performance of this anomaly detection system largely depends on the result of the feature selection. dissimilarity representations describe an object by its dissimilarities to a set of target class. The dissimilarity-based one-class classifiers (DBOCCs) are constructed on dissimilarity representations. Redundancy and relativity of the features cast little influence on the performance of DBOCCs. This paper proposes anomaly detection using DBOCCs with unsupervised learning approach. Several combinations of DBOCCs scheme have also been used. The experimental results on KDDCUP´99 dataset shows that DBOCCs can achieve high detection rate and low false positive without large degeneration in performance as traditional feature-based classifiers suffered when different feature subsets have been used.

Keywords

computer networks; learning (artificial intelligence); security of data; telecommunication traffic; anomaly detection systems; computer networks; dissimilarity representations; dissimilarity-based one-class classifiers; traffic deviation detection; unsupervised learning; Application software; Classification algorithms; Computer networks; Constitution; Intelligent networks; Intelligent systems; Intrusion detection; Telecommunication traffic; Traffic control; Unsupervised learning;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligent Systems Design and Applications, 2008. ISDA '08. Eighth International Conference on

Conference_Location

Kaohsiung

Print_ISBN

978-0-7695-3382-7

Type

conf

DOI

10.1109/ISDA.2008.129

Filename

4696299