TY - JOUR
T1 - Another fuzzy anomaly detection system based on ant clustering algorithm
AU - Aminanto, Muhamad Erza
AU - Kim, Hakju
AU - Kim, Kyung Min
AU - Kim, Kwangjo
N1 - Publisher Copyright:
© Copyright 2017 The Institute of Electronics, Information and Communication Engineers.
PY - 2017/1
Y1 - 2017/1
N2 - Attacks against computer networks are evolving rapidly. Conventional intrusion detection systems based on pattern matching and static signatures have a significant limitation since the signature database should be updated frequently. The unsupervised learning algorithm can overcome this limitation. Ant Clustering Algorithm (ACA) is a popular unsupervised learning algorithm to classify data into different categories. However, ACA needs to be complemented with other algorithms for the classification process. In this paper, we present a fuzzy anomaly detection system that works in two phases. In the first phase, the training phase, we propose ACA to determine clusters. In the second phase, the classification phase, we exploit a fuzzy approach by the combination of two distance-based methods to detect anomalies in new monitored data. We validate our hybrid approach using the KDD Cup'99 dataset. The results indicate that, compared to several traditional and new techniques, the proposed hybrid approach achieves a higher detection rate and a lower false positive rate.
AB - Attacks against computer networks are evolving rapidly. Conventional intrusion detection systems based on pattern matching and static signatures have a significant limitation since the signature database should be updated frequently. The unsupervised learning algorithm can overcome this limitation. Ant Clustering Algorithm (ACA) is a popular unsupervised learning algorithm to classify data into different categories. However, ACA needs to be complemented with other algorithms for the classification process. In this paper, we present a fuzzy anomaly detection system that works in two phases. In the first phase, the training phase, we propose ACA to determine clusters. In the second phase, the classification phase, we exploit a fuzzy approach by the combination of two distance-based methods to detect anomalies in new monitored data. We validate our hybrid approach using the KDD Cup'99 dataset. The results indicate that, compared to several traditional and new techniques, the proposed hybrid approach achieves a higher detection rate and a lower false positive rate.
KW - Ant clustering algorithm
KW - Fuzzy logic
KW - Unknown attacks
KW - Unsupervised learning
UR - http://www.scopus.com/inward/record.url?scp=85008343612&partnerID=8YFLogxK
U2 - 10.1587/transfun.E100.A.176
DO - 10.1587/transfun.E100.A.176
M3 - Article
AN - SCOPUS:85008343612
SN - 0916-8508
VL - E100A
SP - 176
EP - 183
JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
IS - 1
ER -