Anomaly Detection Using Improved Hierarchy Clustering

Author

Hu Liang ; Ren Wei-wu ; Ren Fei

Author_Institution

Dept. of Comput. Sci. & Technol., Jilin Univ., Changchun, China

Volume

1

fYear

2009

fDate

7-8 Nov. 2009

Firstpage

319

Lastpage

323

Abstract

Most anomaly detection methods can not be fit for the changing and complex network. High noise and updating normality profiles not in time will lead to high false alarm rate. In this paper, a new anomaly detection algorithm using improved hierarchy clustering, called ADIHC, is proposed in this paper. It applies an improved hierarchy clustering tree to organize clusters which are obtained by density-based partitioning method. We extend the clustering algorithm and apply branch and bound method for filtering noise. With the help of two advantages: filtering noise and updating normality profiles at any time, our algorithm is suitable for the changing and complex network. A series of experimental results on well known KDD Cup 1999 dataset indicate that ADIHC has superior performance of detection and meets more real-time requirements of intrusion detection system.

Keywords

pattern clustering; security of data; tree searching; ADIHC algorithm; anomaly detection; branch-and-bound method; density based partitioning method; improved hierarchy clustering; Artificial intelligence; Clustering algorithms; Clustering methods; Complex networks; Computational intelligence; Computer science; Detection algorithms; Filtering algorithms; Intrusion detection; Partitioning algorithms; anomaly detecion; branch and bound; hierarchy clustering; normality profiles;

fLanguage

English

Publisher

ieee

Conference_Titel

Artificial Intelligence and Computational Intelligence, 2009. AICI '09. International Conference on

Conference_Location

Shanghai

Print_ISBN

978-1-4244-3835-8

Electronic_ISBN

978-0-7695-3816-7

Type

conf

DOI

10.1109/AICI.2009.239

Filename

5376194