Novel Approach for Network Traffic Pattern Analysis using Clustering-based Collective Anomaly Detection