Publication:
Fast predictor-corrector intrusion detection system based on clustering

Identifiers
ISBN: 84-7978-650-7
Publication date
2004-09
Publisher
Díaz de Santos
Abstract
A predictor-corrector intrusion detection system is proposed, whose predictors are various clustering algorithms with different initial parameters that operate in parallel on the current data set. The decisions as to whether abnormal behaviour is detected in the current data set are made by a number of assessors that implement various clustering quality evaluation techniques. The manager of the system estimates the quality of decision making from the pieces of information obtained a posteriori and then varies the parameters of the predictors and/or the assessors in order to achieve better overall performance of the system. In this way, the intelligence of the system is delegated to higher decision-making levels, which improves the effectiveness. Experimental results regarding the effectiveness of the system are given with the KDD CUP 1999 test data as the reference data set. These results show that very good overall performance can be achieved by properly selecting various system parameters.
Description
Proceeding of: Reunión Española sobre Criptología y Seguridad de la Información (RECSI '04), Leganés, Madrid
Keywords
Anomaly detection, Clustering, Decision making, Intrusion detection system
Bibliographic citation
Avances en criptología y seguridad de la información. Actas de la VIII Reunión Española sobre Criptología y Seguridad de la Información. Madrid: Díaz de Santos, 2004, pp. 507-516