Anomaly intrusion detection based on dynamic cluster updating

Sang Hyun Oh; Won Suk Lee

doi:10.1007/978-3-540-71701-0_80

Anomaly intrusion detection based on dynamic cluster updating

Sang Hyun Oh, Won Suk Lee

College of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

For the effective detection of various intrusion methods into a computer, most of previous studies have been focused on the development of misuse-based intrusion detection methods. Recently, the works related to anomaly-based intrusion detection have attracted considerable attention because the anomaly detection technique can handle previously unknown intrusion methods effectively. However, most of them assume that the normal behavior of a user is fixed. Due to this reason, the new activities of the user may be regarded as anomalous events. In this paper, a new anomaly detection method based on an incremental clustering algorithm is proposed. To adaptively model the normal behavior of a user, the new profile of the user is effectively merged to the old one whenever new user transactions are added to the original data set.

Original language	English
Title of host publication	Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings
Publisher	Springer Verlag
Pages	737-744
Number of pages	8
ISBN (Print)	9783540717003
DOIs	https://doi.org/10.1007/978-3-540-71701-0_80
Publication status	Published - 2007
Event	11th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2007 - Nanjing, China Duration: 2007 May 22 → 2007 May 25

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4426 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	11th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2007
Country/Territory	China
City	Nanjing
Period	07/5/22 → 07/5/25

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-71701-0_80

Cite this

Oh, S. H., & Lee, W. S. (2007). Anomaly intrusion detection based on dynamic cluster updating. In Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings (pp. 737-744). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4426 LNAI). Springer Verlag. https://doi.org/10.1007/978-3-540-71701-0_80

Oh, Sang Hyun ; Lee, Won Suk. / Anomaly intrusion detection based on dynamic cluster updating. Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings. Springer Verlag, 2007. pp. 737-744 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f0b527ac168445c7aabf40ca87c09b4c,

title = "Anomaly intrusion detection based on dynamic cluster updating",

abstract = "For the effective detection of various intrusion methods into a computer, most of previous studies have been focused on the development of misuse-based intrusion detection methods. Recently, the works related to anomaly-based intrusion detection have attracted considerable attention because the anomaly detection technique can handle previously unknown intrusion methods effectively. However, most of them assume that the normal behavior of a user is fixed. Due to this reason, the new activities of the user may be regarded as anomalous events. In this paper, a new anomaly detection method based on an incremental clustering algorithm is proposed. To adaptively model the normal behavior of a user, the new profile of the user is effectively merged to the old one whenever new user transactions are added to the original data set.",

author = "Oh, {Sang Hyun} and Lee, {Won Suk}",

year = "2007",

doi = "10.1007/978-3-540-71701-0_80",

language = "English",

isbn = "9783540717003",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "737--744",

booktitle = "Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings",

address = "Germany",

note = "11th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2007 ; Conference date: 22-05-2007 Through 25-05-2007",

}

Oh, SH & Lee, WS 2007, Anomaly intrusion detection based on dynamic cluster updating. in Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4426 LNAI, Springer Verlag, pp. 737-744, 11th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2007, Nanjing, China, 07/5/22. https://doi.org/10.1007/978-3-540-71701-0_80

Anomaly intrusion detection based on dynamic cluster updating. / Oh, Sang Hyun; Lee, Won Suk.

Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings. Springer Verlag, 2007. p. 737-744 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4426 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Anomaly intrusion detection based on dynamic cluster updating

AU - Oh, Sang Hyun

AU - Lee, Won Suk

PY - 2007

Y1 - 2007

N2 - For the effective detection of various intrusion methods into a computer, most of previous studies have been focused on the development of misuse-based intrusion detection methods. Recently, the works related to anomaly-based intrusion detection have attracted considerable attention because the anomaly detection technique can handle previously unknown intrusion methods effectively. However, most of them assume that the normal behavior of a user is fixed. Due to this reason, the new activities of the user may be regarded as anomalous events. In this paper, a new anomaly detection method based on an incremental clustering algorithm is proposed. To adaptively model the normal behavior of a user, the new profile of the user is effectively merged to the old one whenever new user transactions are added to the original data set.

AB - For the effective detection of various intrusion methods into a computer, most of previous studies have been focused on the development of misuse-based intrusion detection methods. Recently, the works related to anomaly-based intrusion detection have attracted considerable attention because the anomaly detection technique can handle previously unknown intrusion methods effectively. However, most of them assume that the normal behavior of a user is fixed. Due to this reason, the new activities of the user may be regarded as anomalous events. In this paper, a new anomaly detection method based on an incremental clustering algorithm is proposed. To adaptively model the normal behavior of a user, the new profile of the user is effectively merged to the old one whenever new user transactions are added to the original data set.

UR - http://www.scopus.com/inward/record.url?scp=38049098197&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38049098197&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-71701-0_80

DO - 10.1007/978-3-540-71701-0_80

M3 - Conference contribution

AN - SCOPUS:38049098197

SN - 9783540717003

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 737

EP - 744

BT - Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings

PB - Springer Verlag

T2 - 11th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2007

Y2 - 22 May 2007 through 25 May 2007

ER -

Oh SH, Lee WS. Anomaly intrusion detection based on dynamic cluster updating. In Advances in Knowledge Discovery and Data Mining - 11th Pacific-Asia Conference, PAKDD 2007, Proceedings. Springer Verlag. 2007. p. 737-744. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-71701-0_80

Anomaly intrusion detection based on dynamic cluster updating

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this