Anomaly intrusion detection based on dynamic cluster updating

Sang Hyun Oh, Won Suk Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)


For the effective detection of various intrusion methods into a computer, most of previous studies have been focused on the development of misuse-based intrusion detection methods. Recently, the works related to anomaly-based intrusion detection have attracted considerable attention because the anomaly detection technique can handle previously unknown intrusion methods effectively. However, most of them assume that the normal behavior of a user is fixed. Due to this reason, the new activities of the user may be regarded as anomalous events. In this paper, a new anomaly detection method based on an incremental clustering algorithm is proposed. To adaptively model the normal behavior of a user, the new profile of the user is effectively merged to the old one whenever new user transactions are added to the original data set.

Original languageEnglish
Title of host publicationAdvances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings
PublisherSpringer Verlag
Number of pages8
ISBN (Print)9783540717003
Publication statusPublished - 2007
Event11th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2007 - Nanjing, China
Duration: 2007 May 222007 May 25

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4426 LNAI
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other11th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2007

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Anomaly intrusion detection based on dynamic cluster updating'. Together they form a unique fingerprint.

Cite this