Network Anomaly Detection Using Unsupervised Feature Selection and Density Peak Clustering

Conference paper

DOI: 10.1007/978-3-319-39555-5_12

Volume 9696 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Ni X., He D., Chan S., Ahmad F. (2016) Network Anomaly Detection Using Unsupervised Feature Selection and Density Peak Clustering. In: Manulis M., Sadeghi AR., Schneider S. (eds) Applied Cryptography and Network Security. ACNS 2016. Lecture Notes in Computer Science, vol 9696. Springer, Cham

Abstract

Intrusion detection systems (IDSs) play a significant role to effectively defend our crucial computer systems or networks against attackers on the Internet. Anomaly detection is an effective way to detect intrusion, which can discover patterns that do not conform to expected behavior. The mainstream approaches of ADS (anomaly detection system) are using data mining technology to automatically extract normal pattern and abnormal ones from a large set of network data and distinguish them from each other. However, supervised or semi-supervised approaches in data mining rely on data label information. This is not practical when the network data is large-scale. In this paper, we propose a two-stage approach, unsupervised feature selection and density peak clustering to tackle label lacking situations. First, the density-peak based clustering approach is introduced for network anomaly detection, which considers both distance and density nature of data. Second, to achieve better performance of clustering process, we use maximal information coefficient and feature clustering to remove redundant and irrelevant features. Experimental results show that our method can get rid of useless features of high-dimensional data and achieves high detection accuracy and efficiency in the meanwhile.

Keywords

Anomaly detection Data mining Feature selection Maximal information coefficient Density peak clustering 

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Xiejun Ni
    • 1
  • Daojing He
    • 1
  • Sammy Chan
    • 2
  • Farooq Ahmad
    • 3
  1. 1.School of Computer Science and Software EngineeringEast China Normal UniversityShanghaiChina
  2. 2.Department of Electronic EngineeringCity University of Hong KongHong KongChina
  3. 3.Department of Computer ScienceCOMSATS Institute of Information TechnologyLahorePakistan