The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations, e.g. some numerals are rendered as "XNUMX".
Copyrights notice
The intrusion detection system (IDS) has played an important role as a device for defending our networks against cyber attacks. However, since it is unable to detect unknown attacks, that is, 0-day attacks, the greatest challenge in the field of intrusion detection is how we can exactly identify such an attack in an automated way. In recent years, several studies on solving these problems have been made on anomaly detection using unsupervised learning techniques such as clustering, one-class support vector machine (SVM), etc. Although they enable intrusion detection models to be built at low cost and effort, and have the capability to detect unforeseen attacks, they still mainly face two problems in intrusion detection: a low detection rate and a high false positive rate. In this article, we propose a new anomaly detection method based on clustering and multiple one-class SVM, in order to improve the detection rate while maintaining a low false positive rate. We evaluated our method using the KDD Cup 1999 data set. The evaluation results show that our approach outperforms the existing algorithms reported in the literature, especially in the detection of unknown attacks.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Jungsuk SONG, Hiroki TAKAKURA, Yasuo OKABE, Yongjin KWON, "Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM" in IEICE TRANSACTIONS on Communications,
vol. E92-B, no. 6, pp. 1981-1990, June 2009, doi: 10.1587/transcom.E92.B.1981.
Abstract: Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it is unable to detect unknown attacks, i.e., 0-day attacks, the ultimate challenge in intrusion detection field is how we can exactly identify such an attack by an automated manner. Over the past few years, several studies on solving these problems have been made on anomaly detection using unsupervised learning techniques such as clustering, one-class support vector machine (SVM), etc. Although they enable one to construct intrusion detection models at low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we propose a new anomaly detection method based on clustering and multiple one-class SVM in order to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that our approach outperforms the existing algorithms reported in the literature; especially in detection of unknown attacks.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E92.B.1981/_p
@ARTICLE{e92-b_6_1981,
author={Jungsuk SONG and Hiroki TAKAKURA and Yasuo OKABE and Yongjin KWON},
journal={IEICE TRANSACTIONS on Communications},
title={Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM},
year={2009},
volume={E92-B},
number={6},
pages={1981-1990},
abstract={Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it is unable to detect unknown attacks, i.e., 0-day attacks, the ultimate challenge in intrusion detection field is how we can exactly identify such an attack by an automated manner. Over the past few years, several studies on solving these problems have been made on anomaly detection using unsupervised learning techniques such as clustering, one-class support vector machine (SVM), etc. Although they enable one to construct intrusion detection models at low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we propose a new anomaly detection method based on clustering and multiple one-class SVM in order to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that our approach outperforms the existing algorithms reported in the literature; especially in detection of unknown attacks.},
keywords={},
doi={10.1587/transcom.E92.B.1981},
ISSN={1745-1345},
month={June}
}
TY - JOUR
TI - Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM
T2 - IEICE TRANSACTIONS on Communications
SP - 1981
EP - 1990
AU - Jungsuk SONG
AU - Hiroki TAKAKURA
AU - Yasuo OKABE
AU - Yongjin KWON
PY - 2009
DO - 10.1587/transcom.E92.B.1981
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E92-B
IS - 6
JA - IEICE TRANSACTIONS on Communications
Y1 - June 2009
AB - Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it is unable to detect unknown attacks, i.e., 0-day attacks, the ultimate challenge in intrusion detection field is how we can exactly identify such an attack by an automated manner. Over the past few years, several studies on solving these problems have been made on anomaly detection using unsupervised learning techniques such as clustering, one-class support vector machine (SVM), etc. Although they enable one to construct intrusion detection models at low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we propose a new anomaly detection method based on clustering and multiple one-class SVM in order to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that our approach outperforms the existing algorithms reported in the literature; especially in detection of unknown attacks.
ER -