{"title":"An Efficient Network Anomaly Detection Scheme Based on TCM-KNN Algorithm and Data Reduction Mechanism","authors":"Yang Li, Li Guo","doi":"10.1109/IAW.2007.381936","DOIUrl":null,"url":null,"abstract":"Network anomaly detection plays a vital role in securing network security and infrastructures. Current research focuses concentrate on how to effective reduce high false alarm rate and usually ignore the fact that the poor quality data for the modeling of normal patterns as well as the high computational cost make the current anomaly detection methods not act as well as we expect. Based on these, we first propose a novel data mining scheme for network anomaly detection in this paper. Moreover, we adopt data reduction mechanisms (including genetic algorithm (GA) based instance selection and filter based feature selection methods) to boost the detection performance, meanwhile reduce the computational cost of TCM-KNN. Experimental results on the well-known KDD Cup 1999 dataset demonstrate the proposed method can effectively detect anomalies with high detection rates, low false positives as well as with high confidence than the state-of-the-art anomaly detection methods. 
Furthermore, the data reduction mechanisms would greatly improve the performance of TCM-KNN and make it be a good candidate for anomaly detection in practice.","PeriodicalId":414721,"journal":{"name":"2007 IEEE SMC Information Assurance and Security Workshop","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE SMC Information Assurance and Security Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2007.381936","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 18
Abstract
Network anomaly detection plays a vital role in securing networks and infrastructure. Current research concentrates on how to effectively reduce the high false alarm rate and usually ignores the fact that poor-quality data for modeling normal patterns, as well as high computational cost, keep current anomaly detection methods from performing as well as expected. Based on these observations, we first propose a novel data mining scheme for network anomaly detection in this paper. Moreover, we adopt data reduction mechanisms (including genetic algorithm (GA) based instance selection and filter-based feature selection methods) to boost detection performance while reducing the computational cost of TCM-KNN. Experimental results on the well-known KDD Cup 1999 dataset demonstrate that the proposed method can effectively detect anomalies with high detection rates, low false positives, and higher confidence than state-of-the-art anomaly detection methods. Furthermore, the data reduction mechanisms greatly improve the performance of TCM-KNN and make it a good candidate for anomaly detection in practice.