To Identify Suspicious Activity in Anomaly Detection based on Soft Computing

W. Chimphlee, M. Sap, A. Abdullah, S. Chimphlee, Surat Srinoy
{"title":"To Identify Suspicious Activity in Anomaly Detection based on Soft Computing","authors":"W. Chimphlee, M. Sap, A. Abdullah, S. Chimphlee, Surat Srinoy","doi":"10.5555/1166890.1166951","DOIUrl":null,"url":null,"abstract":"The Traditional intrusion detection systems (IDS) look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches likely \"attack signature\", resulting in false alarms. In this paper we propose an intrusion detection method that proposes rough set based feature selection heuristics and using fuzzy c-means for clustering data. Rough set has to decrease the amount of data and get rid of redundancy. Fuzzy Clustering methods allow objects to belong to several clusters simultaneously, with different degrees of membership. Our approach allows us to recognize not only known attacks but also to increase accuracy detection rate for suspicious activity and signature detection. Empirical studies using the network security data set from the DARPA 1998 offline intrusion detection project (KDD 1999 Cup) show the feasibility of misuse and anomaly detection results.","PeriodicalId":91205,"journal":{"name":"Artificial intelligence and applications (Commerce, Calif.)","volume":"33 1","pages":"359-364"},"PeriodicalIF":0.0000,"publicationDate":"2006-02-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Artificial intelligence and applications (Commerce, Calif.)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5555/1166890.1166951","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8

Abstract

The Traditional intrusion detection systems (IDS) look for unusual or suspicious activity, such as patterns of network traffic that are likely indicators of unauthorized activity. However, normal operation often produces traffic that matches likely "attack signature", resulting in false alarms. In this paper we propose an intrusion detection method that proposes rough set based feature selection heuristics and using fuzzy c-means for clustering data. Rough set has to decrease the amount of data and get rid of redundancy. Fuzzy Clustering methods allow objects to belong to several clusters simultaneously, with different degrees of membership. Our approach allows us to recognize not only known attacks but also to increase accuracy detection rate for suspicious activity and signature detection. Empirical studies using the network security data set from the DARPA 1998 offline intrusion detection project (KDD 1999 Cup) show the feasibility of misuse and anomaly detection results.
基于软计算的异常检测中可疑活动识别
传统的入侵检测系统(IDS)寻找不寻常或可疑的活动,例如网络流量的模式,这些模式可能是未授权活动的指示器。但正常运行时,往往会产生与可能的“攻击特征”相匹配的流量,导致误报。本文提出了一种基于粗糙集的特征选择启发式方法和模糊c-means聚类数据的入侵检测方法。粗糙集必须减少数据量,消除冗余。模糊聚类方法允许对象同时属于多个具有不同隶属度的聚类。我们的方法不仅可以识别已知的攻击,还可以提高可疑活动和签名检测的准确率。利用DARPA 1998离线入侵检测项目(KDD 1999 Cup)的网络安全数据集进行的实证研究表明,误用和异常检测结果是可行的。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信