
Anomaly Detection in Network Traffic with a Relationnal Clustering Criterion

Conference paper, Geometric Science of Information (GSI 2017)

Part of the book series: Lecture Notes in Computer Science (LNIP, volume 10589)


Abstract

Unsupervised anomaly detection is a very promising technique for intrusion detection. Among many other approaches, clustering algorithms have often been used to perform this task. However, network traffic is commonly described by a mix of numerical and categorical variables, and most clustering algorithms are not well suited to such data. Few clustering algorithms have been proposed for such heterogeneous data, and many of those have unsuitable computational complexity. In this article, using Relational Analysis, we propose a new, unified clustering criterion. This criterion is based on a new similarity function for values in a lattice, which can therefore be applied to both numerical and categorical variables. Finally, we propose an optimisation heuristic for this criterion and an anomaly score which outperforms many state-of-the-art solutions.



Author information

Corresponding author: Damien Nogues.


Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Nogues, D. (2017). Anomaly Detection in Network Traffic with a Relationnal Clustering Criterion. In: Nielsen, F., Barbaresco, F. (eds) Geometric Science of Information. GSI 2017. Lecture Notes in Computer Science, vol 10589. Springer, Cham. https://doi.org/10.1007/978-3-319-68445-1_15

  • DOI: https://doi.org/10.1007/978-3-319-68445-1_15
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-68444-4
  • Online ISBN: 978-3-319-68445-1
