Skip to main content
SpringerLink
Log in

Anomaly Intrusion Detection Based on Clustering a Data Stream

  • Conference paper
Book cover Information Security (ISC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4176))

Included in the following conference series:

Abstract

In anomaly intrusion detection, how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior as a profile, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes a new clustering algorithm which continuously models a data stream. A set of features is used to represent the characteristics of an activity. For each feature, the clusters of feature values corresponding to activities observed so far in an audit data stream are identified by the proposed clustering algorithm for data streams. As a result, without maintaining any historical activity of a user physically, new activities of the user can be continuously reflected to the on-going result of clustering.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Mukherjee, B., Heberlein, T.L., Kevitt, K.N.: Network Intrusion Detection. IEEE Network 8(3), 26–41 (1994)

    Article  Google Scholar 

  2. Heady, R., Luger, G., Maccabe, A., Servilla, M.: The Architecture of a Network Level Intrusion Detection System, Technical Report, Computer Science Department, University of New Mexico (August 1990)

    Google Scholar 

  3. Javitz, H.S., Valdes, A.: The SRI IDES Statistical Anomaly Detector. In: Proc. of the 1991 IEEE Symposium on Research in Security and Privacy (May 1991)

    Google Scholar 

  4. Javitz, H.S., Valdes, A.: The NIDES Statistical Component Description and Justification, Annual report, SRI International, 333 Ravenwood Avenue, Menlo Park, CA 94025 (March 1994)

    Google Scholar 

  5. Porras, P.A., Neumann, P.G.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In: 20th NISSC (October 1997)

    Google Scholar 

  6. Teng, H.S., Chen, K., Lu, S.C.: Security Audit Trail Analysis Using Inductively Generated Predictive Rules. In: Proceedings of the Sixth Conference on Artificial Intelligence Applications, Piscataway, New Jersey, March 1990, pp. 24–29. IEEE, Los Alamitos (1990)

    Chapter  Google Scholar 

  7. Stolfo, S.J., Prodromidis, A.L., Tselepis, S., Lee, W., Fan, D., Chan, P.K.: JAM: Java agents for Meta-Learning over Distributed Databases. In: Proc. KDD 1997 and AAAI 1997 Work. on AI Methods in Fraud and Risk Management (1997)

    Google Scholar 

  8. Guha, S., Meyerson, A., Mishra, N., Motwani, R., O’Callaghan, L.: Clustering data streams: Theory and practice. IEEE Trans. Knowl. Data Eng. 15(3), 515–528 (2003)

    Article  Google Scholar 

  9. Park, N.H., Lee, W.S.: Statistical grid-based clustering over data streams. SIGMOD Record 33(1), 32–37 (2004)

    Article  Google Scholar 

  10. Chang, J.H., Lee, W.S.: estWin: adaptively monitoring the recent change of frequent itemsets over online data streams. In: CIKM 2003, pp. 536–539 (2003)

    Google Scholar 

  11. MacQueen, J.: Some Methods for Classification and Analysis of Multivariate Observations. In: Proc. 5th Berkeley Symp., pp. 281–297 (1967)

    Google Scholar 

  12. Zhang, T., Ramakrishnan, R., Livny, M.: Birch: An Efficient data clustering method for very large databases. In: Proceedings for the ACM SIGMOD Conference on Management of Data, Montreal, Canada (June 1996)

    Google Scholar 

  13. Guha, S., Rastogi, R., Shim, K.: CURE: An Efficient Clustering Algorithm for Large Databases. In: ACM SIGMOD International Conference on Management of Data, Seattle, Washington (1998)

    Google Scholar 

  14. Ester, M., Kriegel, H.-P., Sander, J., Xu, X.: A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise. In: Proc. 2nd int. Conf. on Knowledge Discovery and Data Mining (KDD 1996), Portland, Oregon. AAAI Press, Menlo Park (1996)

    Google Scholar 

  15. Agrawal, R., Gehrke, J., Gunopulos, D., Raghavan, P.: Automatic Subspace Clustering of High Dimensional Data for Data Mining Applications. In: Proc. of the ACM SIGMOD Int’l Conference on Management of Data, Seattle, Washington (June 1998)

    Google Scholar 

  16. Jeong, T., Ambler, A.: Power efficiency system for flight application (PESFA) mission: Low power dissipation in digital circuit design for flight application/space communications. IEEE Tran. on Aerospace and Electronics Systems 42 (2006)

    Google Scholar 

  17. http://www.ll.mit.edu/IST/ideval/index.html

  18. Sun Microsystems. SunShield Basic Security Module Guid

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Computer Science, Yonsei Univ., Korea

    Sang-Hyun Oh & Won-Suk Lee

  2. Dept. of Computer Eng., Kunsan National Univ., Korea

    Jin-Suk Kang

  3. Dept. of Communication & Computer Eng, Cheju National Univ., Korea

    Yung-Cheol Byun

  4. Dept. of Electrical & Computer Engineering, University of Texas at Austin, USA

    Taikyeong T. Jeong

Authors
  1. Sang-Hyun Oh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jin-Suk Kang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yung-Cheol Byun
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Taikyeong T. Jeong
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Won-Suk Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of the Aegean, University Hill, 81100, Mytilene, Greece

    Sokratis K. Katsikas

  2. Department of Information and Communication Technologies, University of A Coruña, Spain

    Javier López

  3. MPI-SWS,  

    Michael Backes

  4. Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece

    Stefanos Gritzalis

  5. Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium

    Bart Preneel

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Oh, SH., Kang, JS., Byun, YC., Jeong, T.T., Lee, WS. (2006). Anomaly Intrusion Detection Based on Clustering a Data Stream. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_30

Download citation

  • DOI: https://doi.org/10.1007/11836810_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38341-3

  • Online ISBN: 978-3-540-38343-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation