Attacks against computer networks are evolving rapidly. Conventional intrusion detection systems based on pattern matching and static signatures have a significant limitation, since the signature database should be updated frequently. Unsupervised learning algorithms can overcome this limitation. The Ant Clustering Algorithm (ACA) is a popular unsupervised learning algorithm for classifying data into different categories. However, ACA needs to be complemented with other algorithms for the classification process. In this paper, we present a fuzzy anomaly detection system that works in two phases. In the first phase, the training phase, we propose ACA to determine clusters. In the second phase, the classification phase, we exploit a fuzzy approach that combines two distance-based methods to detect anomalies in newly monitored data. We validate our hybrid approach using the KDD Cup'99 dataset. The results indicate that, compared to several traditional and new techniques, the proposed hybrid approach achieves a higher detection rate and a lower false positive rate.
Muhamad Erza AMINANTO
the Korea Advanced Institute of Science and Technology (KAIST)
HakJu KIM
the Korea Advanced Institute of Science and Technology (KAIST)
Kyung-Min KIM
the Korea Advanced Institute of Science and Technology (KAIST)
Kwangjo KIM
the Korea Advanced Institute of Science and Technology (KAIST)
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Muhamad Erza AMINANTO, HakJu KIM, Kyung-Min KIM, Kwangjo KIM, "Another Fuzzy Anomaly Detection System Based on Ant Clustering Algorithm" in IEICE TRANSACTIONS on Fundamentals, vol. E100-A, no. 1, pp. 176-183, January 2017, doi: 10.1587/transfun.E100.A.176.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E100.A.176/_p
@ARTICLE{e100-a_1_176,
author={Muhamad Erza AMINANTO and HakJu KIM and Kyung-Min KIM and Kwangjo KIM},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Another Fuzzy Anomaly Detection System Based on Ant Clustering Algorithm},
year={2017},
volume={E100-A},
number={1},
pages={176-183},
abstract={Attacks against computer networks are evolving rapidly. Conventional intrusion detection systems based on pattern matching and static signatures have a significant limitation, since the signature database should be updated frequently. Unsupervised learning algorithms can overcome this limitation. The Ant Clustering Algorithm (ACA) is a popular unsupervised learning algorithm for classifying data into different categories. However, ACA needs to be complemented with other algorithms for the classification process. In this paper, we present a fuzzy anomaly detection system that works in two phases. In the first phase, the training phase, we propose ACA to determine clusters. In the second phase, the classification phase, we exploit a fuzzy approach that combines two distance-based methods to detect anomalies in newly monitored data. We validate our hybrid approach using the KDD Cup'99 dataset. The results indicate that, compared to several traditional and new techniques, the proposed hybrid approach achieves a higher detection rate and a lower false positive rate.},
keywords={},
doi={10.1587/transfun.E100.A.176},
ISSN={1745-1337},
month={January},}
TY - JOUR
TI - Another Fuzzy Anomaly Detection System Based on Ant Clustering Algorithm
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 176
EP - 183
AU - Muhamad Erza AMINANTO
AU - HakJu KIM
AU - Kyung-Min KIM
AU - Kwangjo KIM
PY - 2017
DO - 10.1587/transfun.E100.A.176
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E100-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2017
AB - Attacks against computer networks are evolving rapidly. Conventional intrusion detection systems based on pattern matching and static signatures have a significant limitation, since the signature database should be updated frequently. Unsupervised learning algorithms can overcome this limitation. The Ant Clustering Algorithm (ACA) is a popular unsupervised learning algorithm for classifying data into different categories. However, ACA needs to be complemented with other algorithms for the classification process. In this paper, we present a fuzzy anomaly detection system that works in two phases. In the first phase, the training phase, we propose ACA to determine clusters. In the second phase, the classification phase, we exploit a fuzzy approach that combines two distance-based methods to detect anomalies in newly monitored data. We validate our hybrid approach using the KDD Cup'99 dataset. The results indicate that, compared to several traditional and new techniques, the proposed hybrid approach achieves a higher detection rate and a lower false positive rate.
ER -