Publication:
Labelling clusters in an intrusion detection system using a combination of clustering evaluation techniques

Identifiers
ISSN: 1530-1605
ISBN: 0-7695-2507-5
Publication date
2006-01
Publisher
IEEE
Abstract
A new cluster labelling strategy, which combines the computation of the Davies-Bouldin index of the clustering and the centroid diameters of the clusters, is proposed for application in anomaly-based intrusion detection systems (IDS). The aim of such a strategy is to detect compact clusters containing very similar vectors, and these are highly likely to be attack vectors. Experimental results comparing the effectiveness of a multiple classifier IDS with such a labelling strategy and that of the classical cardinality-labelling-based IDS show that the proposed strategy behaves much better in a heavily attacked environment where massive attacks are present. The parameters of the labelling algorithm can be varied in order to adapt to the conditions in the monitored network.
Description
Proceedings of the 39th Annual Hawaii International Conference on System Sciences, 2006 (HICSS’06)
Keywords
Clustering, IDS, Intrusion detection
Bibliographic citation
39th Annual Hawaii International Conference on System Sciences, 2006. Proceedings. (HICSS’06), vol. 6, p. 129b