Another fuzzy anomaly detection system based on ant clustering algorithm

Muhamad Erza Aminanto, Hakju Kim, Kyung Min Kim, Kwangjo Kim

Research output: Contribution to journalArticleResearchpeer-review

27 Citations (Scopus)

Abstract

Attacks against computer networks are evolving rapidly. Conventional intrusion detection system based on pattern matching and static signatures have a significant limitation since the signature database should be updated frequently. The unsupervised learning algorithm can overcome this limitation. Ant Clustering Algorithm (ACA) is a popular unsupervised learning algorithm to classify data into different categories. However, ACA needs to be complemented with other algorithms for the classification process. In this paper, we present a fuzzy anomaly detection system that works in two phases. In the first phase, the training phase, we propose ACA to determine clusters. In the second phase, the classification phase, we exploit a fuzzy approach by the combination of two distance- based methods to detect anomalies in new monitored data. We validate our hybrid approach using the KDD Cup'99 dataset. The results indicate that, compared to several traditional and new techniques, the proposed hybrid approach achieves higher detection rate and lower false positive rate.

Original languageEnglish
Pages (from-to)176-183
Number of pages8
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE100A
Issue number1
DOIs
Publication statusPublished - Jan 2017
Externally publishedYes

Keywords

  • Ant clustering algorithm
  • Fuzzy logic
  • Unknown attacks
  • Unsupervised learning

Cite this