A Novel Fuzzy Anomaly Detection Method Based on Clonal Selection Clustering Algorithm

  • Fenghua Lang
  • Jian Li
  • Yixian Yang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3930)


This paper presents a novel unsupervised fuzzy clustering method based on clonal selection algorithm for anomaly intrusion detection in order to solve the problem of fuzzy k-means algorithm which is particularly sensitive to initialization and fall easily into local optimization. This method can quickly obtain the global optimal clustering with a clonal operator which combines evolutionary search, global search, stochastic search and local search, then detect abnormal network behavioral patterns with a fuzzy detection algorithm. Simulation results on the data set KDD CUP99 show that this method can efficiently detect unknown intrusions with lower false positive rate and higher detection rate.


Intrusion Detection Fuzzy Cluster Anomaly Detection Intrusion Detection System Lower False Positive Rate 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Dasgupta, D., Gonzalez, F.: An Immunity-Based Technique to Characterize Intrusions in Computer Networks. IEEE Trans. Evol. Comput. 6, 281–291 (2002)CrossRefGoogle Scholar
  2. 2.
    Sugbae, C., Sangjun, H.: Two Sophisticated Techniques to Improved HMM-Based Intrusion Detection Systems. In: Proceeding of RAID, Pittsburgh, September 2003, pp. 207–219 (2003)Google Scholar
  3. 3.
    He, D., Leung, H.: CFAR Intrusion Detection Method Based on Support Vector Machine Prediction. In: Proceeding of CIMSA 2004, Boston, July 2004, pp. 10–15 (2004)Google Scholar
  4. 4.
    Jeme, N.K.: Towards a Network Theory of the Immune System. Ann. Immunol., 373–389 (January 1974)Google Scholar
  5. 5.
    Castro, L.N., Von Zuben, F.J.: Learning and Optimization Using the Clone Selection Principal. IEEE Trans. Evol. Comput. 6(3), 239–251 (2002)CrossRefGoogle Scholar
  6. 6.
    Jie, L., Xinbo, G., Licheng, J.: A Novel Clustering Method with Network Structure Based on Clonal Algorithm. In: Proceedings of ICASSP 2004, Canada, May 2004, pp. 793–796 (2004)Google Scholar
  7. 7.
    Portnoy, L., Eskin, E., Stolfo, S.: Intrusion Detection with Unlabeled Data Using Clustering. In: Proceedings of DMSA 2001, Philadelphia, November 2001, pp. 5–8 (2001)Google Scholar
  8. 8.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Fenghua Lang
    • 1
  • Jian Li
    • 1
  • Yixian Yang
    • 1
  1. 1.Information Security Center, State Key Laboratory of Networking and SwitchingBeijing University of Posts and TelecommunicationsBeijingP.R. China

Personalised recommendations