Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge

Casas, Pedro; Mazel, Johan; Owezarski, Philippe

doi:10.1016/j.comcom.2012.01.016

Cited by 217 publications

(99 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The performance of the proposed approach is evaluated through experiments using the well-known KDD Cup 1999 data set and further experiments using the honeypot data recently collected fro m Kyoto University. It is shown that the proposed approach significantly increase the detection rate while the false alarm rate remains lo w. Casas P et al [33] has proposed an unsupervised network intrusion detection system. Proposed method was evaluated on three different traffic datasets, including the well-known KDD dataset as well as real t raffic t races fro m two operational networks.…”

Section: Powers S T Et Al [24]mentioning

confidence: 99%

Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

Azad

Jha²

2013

IJITCS

View full text Add to dashboard Cite

Abstract-In the era of info rmation and communicat ion technology, Security is an important issue. A lot of effort and finance are being invested in this sector. Intrusion detection is one of the mos t prominent fields in this area. Data min ing in network intrusion detection can automate the network intrusion detection field with a greater efficiency. This paper presents a literature survey on intrusion detection system. The research papers taken in this literature survey are published fro m 2000 to 2012. We can see that almost 67 % of the research papers are focused on anomaly detection, 23 % on both anomaly and misuse detection and 10 % on misuse detection. In this literature survey statistics shows that 42 % KDD cup dataset, 20 % DA RPA dataset and 38 % other datasets are used by the different researchers for testing the effectiveness of their proposed method for misuse detection, anomaly detection or both.

show abstract

Section: Powers S T Et Al [24]mentioning

confidence: 99%

Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

Azad

Jha²

2013

IJITCS

View full text Add to dashboard Cite

show abstract

“…Training a supervised classifier like Naive Bayes requires labelling the training data. According to P. Casas, J. Mazel, and P. Owezarski [10], this task is time consuming and complex. Increase in training data translates into increase in training cost due to labelling for large multidimensional data set like kdd 99 benchmark dataset.…”

Section: Related Workmentioning

confidence: 99%

Analysis of the Effect of Clustering the Training Data in Naive Bayes Classifier for Anomaly Network Intrusion Detection

Subramanian¹,

Ong²

2014

JACN

View full text Add to dashboard Cite

Abstract-This paper presents the analysis of the effect of clustering the training data and test data in classification efficiency of Naive Bayes classifier. KDD cup 99 benchmark dataset is used in this research. The training set is clustered using k means clustering algorithm into 5 clusters. Then 8800 samples are taken from the clusters to form the training and test set. The results are compared with that of two Naive Bayes classifiers trained on random sampled data containing 8800 and 17600 instances respectively. The main contribution of this paper is that it is empirically proved that the training set derived from clusters generated by k-means clustering algorithm improves the classification efficiency of the Naive Bayes classifier. The results show the accuracy of the Naive Bayes classifier trained with clustered instances is 94.4% while that of normal instances are 85.41% and 89.26%.

show abstract

“…Pedro Casas et al [11] detected new attack (unknown) without knowledge of any signature, labelled data or training. For that purpose, unsupervised network IDS use outlier detection method which is based on subspace clustering and multiple evidence accumulation method for various network intrusion and attack.…”

Section: Related Workmentioning

confidence: 99%

Partial Least Square based Improved Intrusion Detection System

Sangve¹,

Kulkarni²

2017

IJCA

View full text Add to dashboard Cite

Various Artificial Intelligence (AI) based computing techniques for intrusion detection has been proposed using popular large-scale datasets like DARPA 98 and KDD Cup 99. However, AI based systems such as using representative instances are computationally inefficient. In this paper, the computationally efficient approach is proposed for anomaly detection by combining Partial Least Square (PLS) and technique of extracting representative instances. The PLS helps in feature selection and provides dimensionality reduction. Further, to decline the processing time the representative instances are properly chosen from the data set before classification. The classic instances are selected from the subsets of data which are obtained by Centroid-based partitioning technique. The system utilizes these paradigmatic instances as a training set. Finally, KNN classifier is trained using these paradigmatic instances. The results obtained using the proposed approach indicates a considerable fall in the processing time and space utilization.

show abstract

Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge

Cited by 217 publications

References 23 publications

Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

Data Mining in Intrusion Detection: A Comparative Study of Methods, Types and Data Sets

Analysis of the Effect of Clustering the Training Data in Naive Bayes Classifier for Anomaly Network Intrusion Detection

Partial Least Square based Improved Intrusion Detection System

Contact Info

Product

Resources

About