Anomaly detection based on unsupervised niche clustering with application to network intrusion detection

Author

Leon, Elizabeth ; Nasraoui, Olfa ; Gomez, Jonatan

Author_Institution

Dept. of Electr. & Comput. Eng., Memphis Univ., USA

Volume

1

fYear

2004

fDate

19-23 June 2004

Firstpage

502

Abstract

We present a new approach to anomaly detection based on unsupervised niche clustering (UNC). The UNC is a genetic niching technique for clustering that can handle noise, and is able to determine the number of clusters automatically. The UNC uses the normal samples for generating a profile of the normal space (clusters). Each cluster can later be characterized by a fuzzy membership function that follows a Gaussian shape defined by the evolved cluster centers and radii. The set of memberships are aggregated using a max-or fuzzy operator in order to determine the normalcy level of a data sample. Experiments on synthetic and real data sets, including a network intrusion detection data set, are performed and some results are analyzed and reported.

Keywords

authorisation; computer networks; fuzzy set theory; genetic algorithms; message authentication; pattern clustering; unsupervised learning; Gaussian shape; anomaly detection; fuzzy membership function; genetic niching technique; intrusion detection data set; max-or fuzzy operator; network intrusion detection; real data sets; synthetic data sets; unsupervised niche clustering; Application software; Character generation; Clustering algorithms; Colored noise; Computer networks; Evolutionary computation; Genetics; Intrusion detection; Robustness; Shape;

fLanguage

English

Publisher

ieee

Conference_Titel

Evolutionary Computation, 2004. CEC2004. Congress on

Print_ISBN

0-7803-8515-2

Type

conf

DOI

10.1109/CEC.2004.1330898

Filename

1330898