Research Article

Anomaly Detection using a Clustering Technique

by Anusha Jayasimhan, Jayant Gadge
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 2 - Number 8
Year of Publication: 2012
Authors: Anusha Jayasimhan, Jayant Gadge

Anusha Jayasimhan, Jayant Gadge. Anomaly Detection using a Clustering Technique. International Journal of Applied Information Systems. 2, 8 (June 2012), 5-9. DOI=10.5120/ijais12-450391

@article{ 10.5120/ijais12-450391,
author = { Anusha Jayasimhan, Jayant Gadge },
title = { Anomaly Detection using a Clustering Technique },
journal = { International Journal of Applied Information Systems },
issue_date = { June 2012 },
volume = { 2 },
number = { 8 },
month = { June },
year = { 2012 },
issn = { 2249-0868 },
pages = { 5-9 },
numpages = {9},
url = { },
doi = { 10.5120/ijais12-450391 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}

%0 Journal Article
%1 2023-07-05T10:43:43.025031+05:30
%A Anusha Jayasimhan
%A Jayant Gadge
%T Anomaly Detection using a Clustering Technique
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 2
%N 8
%P 5-9
%D 2012
%I Foundation of Computer Science (FCS), NY, USA

Computer networks are usually vulnerable to attacks by any unauthorized person trying to misuse their resources. Hence they need to be protected against such attacks by Intrusion Detection Systems (IDS). Traditional prevention techniques such as user authentication, data encryption, avoidance of programming errors, and firewalls serve only as the first line of defense. If a password is weak and is compromised, user authentication cannot prevent unauthorized use. Similarly, firewalls are vulnerable to configuration errors and sometimes have ambiguous or undefined security policies. They fail to protect against malicious mobile code, insider attacks and unsecured modems. Therefore, intrusion detection is required as an additional wall for protecting systems. Many techniques have previously been used for the effective detection of intrusions. One of the major issues, however, is the accuracy of these systems, i.e., an increase in the number of false negatives. Because of the increasing number of new and novel types of attacks, harmful or malicious activity may not be identified. To overcome this issue, a clustering technique, i.e., Simple K Means, is used to identify and detect novel attacks and also to reduce the false negative rate.

Index Terms

Computer Science
Information Sciences


Keywords

Anomaly Detection, Simple K Means, Feature Selection