  • DocumentCode
    2218084
  • Title
    An Adaptive Anomaly Detection Based on Hierarchical Clustering
  • Author
    Hu Liang ; Ren Wei-wu ; Ren Fei
  • Author_Institution
    Dept. of Comput. Sci. & Technol., Jilin Univ., Changchun, China
  • fYear
    2009
  • fDate
    26-28 Dec. 2009
  • Firstpage
    1626
  • Lastpage
    1629
  • Abstract
    Traditional anomaly detection methods lack adaptive captivity in complex and heterogeneous networks. Especially when facing high-noise environments or the situation of profiles not being updated in time, intrusion detection systems will have a high false alarm rate. In this paper, a new anomaly detection algorithm based on hierarchical clustering, called ADBHC, is proposed. ADBHC generates clusters using a density-based partitioning method which has less computational cost. It uses the improved hierarchical clustering tree to implement fast, scalable and adaptive anomaly detection. The improved hierarchical clustering tree supports updating profiles at any time. We extend the clustering algorithm and apply a branch and bound mechanism for filtering noise. With the help of two advantages, filtering noise and updating profiles at any time, our algorithm is effective enough to meet adaptive requirements. A series of experimental results on the well-known KDD Cup 1999 dataset indicate that ADBHC has a low false alarm rate, a high detection rate and a certain adaptive captivity in the progress of self-updating.
  • Keywords
    pattern clustering; security of data; tree searching; ADBHC; adaptive anomaly detection; adaptive captivity; branch and bound mechanism; heterogeneous network; hierarchical clustering; intrusion detection systems; Clustering algorithms; Computer networks; Computer security; Detection algorithms; Filtering algorithms; Information security; Intrusion detection; Partitioning algorithms; Space technology; Supervised learning;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Science and Engineering (ICISE), 2009 1st International Conference on
  • Conference_Location
    Nanjing
  • Print_ISBN
    978-1-4244-4909-5
  • Type
    conf
  • DOI
    10.1109/ICISE.2009.225
  • Filename
    5454947