Abstract
This paper introduces combined fuzzy-based approaches for detecting anomalous network traffic such as DoS/DDoS or probing attacks. The approaches combine the Adaptive Neuro-Fuzzy Inference System (ANFIS) and Fuzzy C-Means (FCM) clustering. The basic idea of the algorithm is as follows: first, ANFIS transforms the original multi-dimensional (M-D) feature space of network connections into a compact one-dimensional (1-D) feature space; second, FCM clustering classifies the 1-D feature space into anomalous and normal. PCA is also used for dimensionality reduction of the original feature space during feature extraction. The algorithm combines the high accuracy of supervised learning with the high speed of unsupervised learning. The publicly available DARPA/KDD99 dataset is used to demonstrate the approaches, and the results show their accuracy in detecting anomalies in network connections.
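The second stage described above, as an added example (not the paper's code): Fuzzy C-Means with two clusters run over one 1-D score per connection. The scores are constructed stand-ins for the ANFIS output; the fuzzifier m = 2, the evenly spread initial centers, and treating the higher-centered cluster as anomalous are assumptions.

```python
# Added example: Fuzzy C-Means (FCM) over a 1-D feature, two clusters.
# SCORES are constructed stand-ins for the per-connection ANFIS output.
SCORES = [0.02, 0.05, 0.08, 0.11, 0.04, 0.91, 0.95, 0.88, 0.07, 0.45]

def memberships(x, centers, m):
    """Degree to which x belongs to each cluster; the degrees sum to 1."""
    d = [abs(x - v) for v in centers]
    if min(d) == 0.0:  # x sits exactly on a center: avoid division by zero
        hits = [1.0 if dk == 0.0 else 0.0 for dk in d]
        return [h / sum(hits) for h in hits]
    e = 2.0 / (m - 1.0)
    return [1.0 / sum((dk / dj) ** e for dj in d) for dk in d]

def fcm_1d(xs, c=2, m=2.0, iters=200, tol=1e-9):
    """Alternate membership and center updates until the centers settle."""
    lo, hi = min(xs), max(xs)
    centers = [lo + (hi - lo) * k / (c - 1) for k in range(c)]  # assumed init
    for _ in range(iters):
        u = [memberships(x, centers, m) for x in xs]
        new = []
        for k in range(c):
            w = [row[k] ** m for row in u]  # fuzzified weights
            new.append(sum(wi * x for wi, x in zip(w, xs)) / sum(w))
        shift = max(abs(a - b) for a, b in zip(new, centers))
        centers = new
        if shift < tol:
            break
    return centers

def detect(xs, m=2.0):
    """Return (centers, [(label, anomalous_membership), ...])."""
    centers = fcm_1d(xs, m=m)
    hot = centers.index(max(centers))  # assumption: higher score = anomalous
    out = []
    for x in xs:
        u = memberships(x, centers, m)[hot]
        out.append(("anomalous" if u > 0.5 else "normal", u))
    return centers, out

if __name__ == "__main__":
    centers, results = detect(SCORES)
    print("centers:", [round(v, 3) for v in centers])
    for x, (label, u) in zip(SCORES, results):
        print(f"{x:.2f}  {label:9s}  u_anomalous={u:.3f}")
```

The 0.45 sample ends up with its membership split between the two clusters, which is the information a hard threshold on the score would discard.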
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
He, HT., Luo, XN., Liu, BL. (2005). Detecting Anomalous Network Traffic with Combined Fuzzy-Based Approaches. In: Huang, DS., Zhang, XP., Huang, GB. (eds) Advances in Intelligent Computing. ICIC 2005. Lecture Notes in Computer Science, vol 3645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11538356_45
DOI: https://doi.org/10.1007/11538356_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28227-3
Online ISBN: 978-3-540-31907-8
eBook Packages: Computer Science (R0)