{"title":"一种基于异常的集成聚类网络入侵检测系统","authors":"V. Jackins, D. Punithavathani","doi":"10.1504/IJENM.2018.10015839","DOIUrl":null,"url":null,"abstract":"The numbers of hacking and intrusion incidents are high due to the increasing use of internet services and computer application. Therefore, intrusion detection systems (IDS) are inevitable in today's scenario (Koruba et al., 2017). In this paper, an unsupervised technique based on hybrid clustering algorithms is used for Anomaly detection. Incremental support vector machine (ISVM) and C means (FCM) algorithms are applied to preprocess the data set and detect the anomalies respectively. Further, the processed data is fed to the DBSCAN algorithm for further detection of anomalies. The results of the detection system are communicated to the intrusion prevention system (IPS). The proposed hybrid algorithm is applied for KDD Cup 1999 dataset and Gure Kdd Cup data base (2008) and the results show high detection rates and low false positive alarms. Further, the proposed technique performs well with a real time data in detecting anomalies with enhanced true positive rate.","PeriodicalId":39284,"journal":{"name":"International Journal of Enterprise Network Management","volume":"9 1","pages":"251"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"An anomaly-based network intrusion detection system using ensemble clustering\",\"authors\":\"V. Jackins, D. Punithavathani\",\"doi\":\"10.1504/IJENM.2018.10015839\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The numbers of hacking and intrusion incidents are high due to the increasing use of internet services and computer application. Therefore, intrusion detection systems (IDS) are inevitable in today's scenario (Koruba et al., 2017). In this paper, an unsupervised technique based on hybrid clustering algorithms is used for Anomaly detection. Incremental support vector machine (ISVM) and C means (FCM) algorithms are applied to preprocess the data set and detect the anomalies respectively. Further, the processed data is fed to the DBSCAN algorithm for further detection of anomalies. The results of the detection system are communicated to the intrusion prevention system (IPS). The proposed hybrid algorithm is applied for KDD Cup 1999 dataset and Gure Kdd Cup data base (2008) and the results show high detection rates and low false positive alarms. Further, the proposed technique performs well with a real time data in detecting anomalies with enhanced true positive rate.\",\"PeriodicalId\":39284,\"journal\":{\"name\":\"International Journal of Enterprise Network Management\",\"volume\":\"9 1\",\"pages\":\"251\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-09-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Enterprise Network Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJENM.2018.10015839\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Business, Management and Accounting\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Enterprise Network Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJENM.2018.10015839","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Business, Management and Accounting","Score":null,"Total":0}
引用次数: 4
摘要
由于越来越多地使用互联网服务和计算机应用程序,黑客和入侵事件的数量很高。因此,入侵检测系统(IDS)在今天的场景中是不可避免的(Koruba等人,2017)。本文将一种基于混合聚类算法的无监督技术用于异常检测。分别采用增量支持向量机(ISVM)和C均值(FCM)算法对数据集进行预处理和异常检测。此外,处理后的数据被馈送到DBSCAN算法,用于进一步检测异常。检测系统的结果被传送到入侵防御系统(IPS)。将所提出的混合算法应用于KDD Cup 1999数据集和Gure KDD Cup数据库(2008),结果表明检测率高,误报率低。此外,所提出的技术在检测具有增强的真阳性率的异常方面与实时数据表现良好。
An anomaly-based network intrusion detection system using ensemble clustering
The numbers of hacking and intrusion incidents are high due to the increasing use of internet services and computer application. Therefore, intrusion detection systems (IDS) are inevitable in today's scenario (Koruba et al., 2017). In this paper, an unsupervised technique based on hybrid clustering algorithms is used for Anomaly detection. Incremental support vector machine (ISVM) and C means (FCM) algorithms are applied to preprocess the data set and detect the anomalies respectively. Further, the processed data is fed to the DBSCAN algorithm for further detection of anomalies. The results of the detection system are communicated to the intrusion prevention system (IPS). The proposed hybrid algorithm is applied for KDD Cup 1999 dataset and Gure Kdd Cup data base (2008) and the results show high detection rates and low false positive alarms. Further, the proposed technique performs well with a real time data in detecting anomalies with enhanced true positive rate.