Conference Proceedings

Adaptive clustering for network intrusion detection

J Oldmeadow, S Ravinutala, C Leckie, H Dai (ed.), R Srikant (ed.), C Zhang (ed.)

ADVANCES IN KNOWLEDGE DISCOVERY AND DATA MINING, PROCEEDINGS | SPRINGER-VERLAG BERLIN | Published : 2004

Abstract

A major challenge in network intrusion detection is how to perform anomaly detection. In practice, the characteristics of network traffic are typically non-stationary, and can vary over time. In this paper, we present a solution to this problem by developing a time-varying modification of a standard clustering technique, which means we can automatically accommodate non-stationary traffic distributions. In addition, we demonstrate how feature weighting can improve the classification accuracy of our anomaly detection system for certain types of attacks.