Y-means: a clustering method for intrusion detection

Author

Guan, Yu ; Ghorbani, Ali A. ; Belacel, Nabil

Author_Institution

Fac. of Comput. Sci., New Brunswick Univ., Fredericton, NB, Canada

Volume

2

fYear

2003

fDate

4-7 May 2003

Firstpage

1083

Abstract

As the Internet spreads to each comer of the world, computers are exposed to miscellaneous intrusions from the World Wide Web. We need effective intrusion detection systems to protect our computers from these unauthorized or malicious actions. Traditional instance-based learning methods for intrusion detection can only detect known intrusions since these methods classify instances based on what they have learned. They rarely detect the intrusions that they have not learned before. In this paper, we present a clustering heuristic for intrusion detection, called Y-means. This proposed heuristic is based on the K-means algorithm and other related clustering algorithms. It overcomes two shortcomings of K-means: number of clusters dependency and degeneracy. The result of simulations run on the KDD-99 data set shows that Y-means is an effective method for partitioning large data space. A detection rate of 89.89% and a false alarm rate of 1.00% are achieved with Y-means.

Keywords

Internet; pattern classification; pattern clustering; safety systems; Internet; K-means algorithm; KDD-99 data set; World Wide Web; Y-means; clustering method; effective intrusion detection systems; outlier; traditional instance-based learning methods; Clustering algorithms; Clustering methods; Computer networks; Information systems; Information technology; Intrusion detection; Learning systems; Niobium; Partitioning algorithms; Web sites;

fLanguage

English

Publisher

ieee

Conference_Titel

Electrical and Computer Engineering, 2003. IEEE CCECE 2003. Canadian Conference on

ISSN

0840-7789

Print_ISBN

0-7803-7781-8

Type

conf

DOI

10.1109/CCECE.2003.1226084

Filename

1226084