Anomaly Intrusion Detection Based on Clustering a Data Stream

  • Sang-Hyun Oh
  • Jin-Suk Kang
  • Yung-Cheol Byun
  • Taikyeong T. Jeong
  • Won-Suk Lee
Conference paper

DOI: 10.1007/11836810_30

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4176)
Cite this paper as:
Oh SH., Kang JS., Byun YC., Jeong T.T., Lee WS. (2006) Anomaly Intrusion Detection Based on Clustering a Data Stream. In: Katsikas S.K., López J., Backes M., Gritzalis S., Preneel B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg

Abstract

In anomaly intrusion detection, how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior as a profile, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes a new clustering algorithm which continuously models a data stream. A set of features is used to represent the characteristics of an activity. For each feature, the clusters of feature values corresponding to activities observed so far in an audit data stream are identified by the proposed clustering algorithm for data streams. As a result, without maintaining any historical activity of a user physically, new activities of the user can be continuously reflected to the on-going result of clustering.

Keywords

Intrusion detection, Anomaly detection, Data mining, Clustering, Data stream

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sang-Hyun Oh (1)
  • Jin-Suk Kang (2)
  • Yung-Cheol Byun (3)
  • Taikyeong T. Jeong (4)
  • Won-Suk Lee (1)

  1. Dept. of Computer Science, Yonsei Univ., Korea
  2. Dept. of Computer Eng., Kunsan National Univ., Korea
  3. Dept. of Communication & Computer Eng, Cheju National Univ., Korea
  4. Dept. of Electrical & Computer Engineering, University of Texas at Austin, USA
