Towards an Unsupervised Method for Network Anomaly Detection in Large Datasets

Authors

  • Monowar Hussain Bhuyan, Dept. of CSE, Tezpur University
  • Dhruba K. Bhattacharyya, Dept. of CSE, Tezpur University
  • Jugal K. Kalita, Dept. of Computer Science, University of Colorado

Keywords:

Cluster, unsupervised, cluster stability, ensemble, anomaly detection

Abstract

In this paper, we present an effective tree-based subspace clustering technique (TreeCLUSS) for finding clusters in network intrusion data and for detecting known as well as unknown attacks without using any labelled traffic, signatures, or training. To establish its effectiveness in finding the appropriate number of clusters, we perform a cluster stability analysis. We also introduce an effective cluster labelling technique (CLUSSLab) to label each cluster based on the stable cluster set obtained from TreeCLUSS. CLUSSLab is a multi-objective technique that employs an ensemble approach for labelling each stable cluster generated by TreeCLUSS to achieve a high detection rate. We also introduce an effective unsupervised feature clustering technique to identify the dominating feature set from each cluster. We evaluate the performance of both TreeCLUSS and CLUSSLab using several real-world intrusion datasets to identify known as well as unknown attacks and find that the results are excellent.

Author Biographies

Monowar Hussain Bhuyan, Dept. of CSE, Tezpur University

Monowar Hussain Bhuyan received his M.Tech. in Information Technology from Tezpur University, India, in 2009. Currently, he is a Ph.D. candidate and Senior Research Fellow, CSIR in the Department of Computer Science and Engineering at Tezpur University. He is a life member of IETE, India. His research areas include biometric authentication, data mining, and network security. He has published eleven papers in international journals and refereed conference proceedings.

Dhruba K. Bhattacharyya, Dept. of CSE, Tezpur University

Dhruba Kr Bhattacharyya received his Ph.D. in Computer Science from Tezpur University in 1999. Currently, he is a Professor in the Computer Science & Engineering Department at Tezpur University. His research areas include data mining, network security and bioinformatics. Prof. Bhattacharyya has published more than 140 research papers in leading international journals and conference proceedings. Dr. Bhattacharyya also has written/edited 8 books. He is on the editorial boards of several international journals and also on the programme committees/advisory bodies of several international conferences/workshops.

Jugal K. Kalita, Dept. of Computer Science, University of Colorado

Jugal K. Kalita is a professor of Computer Science at the University of Colorado at Colorado Springs. He received his Ph.D. from the University of Pennsylvania in 1990. His research interests are in natural language processing, machine learning, artificial intelligence, bioinformatics and applications of AI techniques to computer and network security. He has published more than 100 papers in international journals and refereed conference proceedings and has written a book. Professor Kalita is a frequent visitor to Tezpur University, where he collaborates on research projects with faculty and students.

Published

2014-06-02

How to Cite

Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2014). Towards an Unsupervised Method for Network Anomaly Detection in Large Datasets. Computing and Informatics, 33(1), 1–34. Retrieved from https://www.cai.sk/ojs/index.php/cai/article/view/909