Title :
Using Density-Based Incremental Clustering for Anomaly Detection
Author :
Ren, Fei ; Hu, Liang ; Liang, Hao ; Liu, Xiaobo ; Ren, Weiwu
Author_Institution :
Coll. of Comput. Sci. & Technol., Jilin Univ., Changchun
Abstract :
This paper proposes a new anomaly detection algorithm that can dynamically update the normal profile of a system's usage pattern. The feature used to model the system's usage pattern is program behavior. When the system usage pattern changes, new program behaviors are inserted into old profiles by density-based incremental clustering. Compared to traditional updating by re-clustering, this is much more efficient. Experiments with 1998 DARPA BSM audit data show that normal profiles generated by our algorithm are less sensitive to noise data objects than profiles generated by the analogous incremental algorithm ADWICE. So our algorithm shows an incremental detection quality and a much lower false alarm rate.
Keywords :
pattern clustering; security of data; 1998 DARPA BSM audit data; ADWICE; analogous incremental algorithm; anomaly detection algorithm; density-based incremental clustering; incremental detection quality; noise data objects; program behavior; re-clustering updating; system usage pattern; Clustering algorithms; Computer science; Detection algorithms; Educational institutions; Information science; Intrusion detection; Noise generators; Shape; Software engineering; Spatial databases; anomaly detection; incremental clustering; normal profile; program behavior;
Conference_Title :
Computer Science and Software Engineering, 2008 International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-3336-0
DOI :
10.1109/CSSE.2008.811