Towards an Unsupervised Method for Network Anomaly Detection in Large Datasets
Keywords:
Cluster, unsupervised, cluster stability, ensemble, anomaly detectionAbstract
In this paper, we present an effective tree based subspace clustering technique (TreeCLUSS) for finding clusters in network intrusion data and for detecting known as well as unknown attacks without using any labelled traffic or signatures or training. To establish its effectiveness in finding the appropriate number of clusters, we perform a cluster stability analysis. We also introduce an effective cluster labelling technique (CLUSSLab) to label each cluster based on the stable cluster set obtained from TreeCLUSS. CLUSSLab is a multi-objective technique that employs an ensemble approach for labelling each stable cluster generated by TreeCLUSS to achieve high detection rate. We also introduce an effective unsupervised feature clustering technique to identify the dominating feature set from each cluster. We evaluate the performance of both TreeCLUSS and CLUSSLab using several real world intrusion datasets to identify known as well as unknown attacks and find that results are excellent.Downloads
Download data is not yet available.
Downloads
Published
2014-06-02
How to Cite
Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2014). Towards an Unsupervised Method for Network Anomaly Detection in Large Datasets. Computing and Informatics, 33(1), 1–34. Retrieved from https://www.cai.sk/ojs/index.php/cai/article/view/909
Issue
Section
Articles