DocumentCode
2329823
Title
Distributed intrusion detection based on clustering
Author
Zhang, Yu-fang ; Xiong, Zhong-Yang ; Wang, Xiu-Qiong
Author_Institution
Dept. of Comput. Sci., Chongqing Univ., China
Volume
4
fYear
2005
fDate
18-21 Aug. 2005
Firstpage
2379
Abstract
Research on distributed intrusion detection systems (DIDS) is a rapidly growing area of interest because centralized intrusion detection system (IDS) techniques are increasingly unable to protect the global distributed information infrastructure. Distributed analysis, as employed by agent-based DIDS, is an accepted and excellent method. Clustering-based intrusion detection overcomes the drawback of relying on labeled training data, on which most current anomaly-based intrusion detection depends. A clustering-based DIDS technique that combines the advantages of the two techniques is presented. To select attacks effectively, clustering is applied twice: the first clustering selects the candidate anomalies at the agent IDS, and the second clustering selects the true attacks at the central IDS. Finally, experiments on the KDD CUP 1999 data records of network connections verify that the proposed method is better.
Keywords
data mining; learning (artificial intelligence); mobile agents; security of data; workstation clusters; KDD CUP 1999 data records; agent-based DIDS; clustering-based DIDS technique; distributed intrusion detection system; global distributed information infrastructure; Computer science; Data analysis; Data mining; Data security; Intrusion detection; Monitoring; Pattern analysis; Pattern recognition; Protection; Training data; Anomaly detection; Cluster; Data mining; Distributed intrusion Detection system; Intrusion detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on
Conference_Location
Guangzhou, China
Print_ISBN
0-7803-9091-1
Type
conf
DOI
10.1109/ICMLC.2005.1527342
Filename
1527342