Title :
An Unsupervised Anomaly Detection Approach using Subtractive Clustering and Hidden Markov Model
Author :
Yang, Chun ; Deng, Feiqi ; Yang, Haidong
Author_Institution :
South China Univ. of Technol., Guangzhou
Abstract :
Previous research in network intrusion detection systems (NIDS) has typically used misuse detection or supervised anomaly detection techniques. These techniques have difficulty detecting new types of attacks, or cause high false positives in real network environments. Unsupervised anomaly detection can overcome the drawbacks of misuse detection and supervised anomaly detection. In this paper, normal-anomaly patterns are built over the network traffic dataset using subtractive clustering, and at the same time the built Hidden Markov Model (HMM) correlates the observation sequences and state transitions to predict the most probable intrusion state sequences. The proposed unsupervised anomaly detection approach is capable of reducing false positives by classifying intrusion sequences into different emergency levels. The experimental results are also reported using the KDDCup'99 dataset and Matlab.
Keywords :
computer networks; hidden Markov models; pattern clustering; security of data; telecommunication security; telecommunication traffic; hidden Markov model; network intrusion detection system; network traffic dataset; real network environment; subtractive clustering; unsupervised anomaly detection approach; Automation; Computer displays; Computer networks; Computer vision; Data security; Educational institutions; Hidden Markov models; Intrusion detection; Telecommunication traffic; Traffic control; Hidden Markov Model; feature selection; intrusion detection; subtractive clustering;
Conference_Title :
Communications and Networking in China, 2007. CHINACOM '07. Second International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-1009-5
Electronic_ISBN :
978-1-4244-1009-5
DOI :
10.1109/CHINACOM.2007.4469390