Abstract
For the effective detection of various intrusion methods into a computer, most of previous studies have been focused on the development of misuse-based intrusion detection methods. Recently, the works related to anomaly-based intrusion detection have attracted considerable attention because the anomaly detection technique can handle previously unknown intrusion methods effectively. However, most of them assume that the normal behavior of a user is fixed. Due to this reason, the new activities of the user may be regarded as anomalous events. In this paper, a new anomaly detection method based on an incremental clustering algorithm is proposed. To adaptively model the normal behavior of a user, the new profile of the user is effectively merged to the old one whenever new user transactions are added to the original data set.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Javitz, H.S., Valdes, A.: The NIDES Statistical Component Description and Justification. Annual report, SRI International, 333 Ravenwood Avenue, Menlo Park, CA 94025 (March 1994)
Porras, P.A., Neumann, P.G.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In: 20th NISSC (October 1997)
Javitz, H.S., Valdes, A.: The SRI IDES Statistical Anomaly Detector. In: Proc. of the 1991 IEEE Symposium on Research in Security and Privacy, May 1991, IEEE Computer Society Press, Los Alamitos (1991)
Ester, M., et al.: Incremental Clustering for Mining in a Data Warehousing Environment. In: Proceedings of the 24th VLDB Conference, New York, USA (1998)
Oh, S.-H., Lee, W.-S.: A Clustering-Based Anomaly Intrusion Detector for a Host Computer. IEICE Trans. on Information and Systems E87-D(8), 2086–2094 (2004)
Sun Microsystems. SunShield Basic Security Module Guide
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Oh, SH., Lee, WS. (2007). Anomaly Intrusion Detection Based on Dynamic Cluster Updating. In: Zhou, ZH., Li, H., Yang, Q. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2007. Lecture Notes in Computer Science(), vol 4426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71701-0_80
Download citation
DOI: https://doi.org/10.1007/978-3-540-71701-0_80
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71700-3
Online ISBN: 978-3-540-71701-0
eBook Packages: Computer ScienceComputer Science (R0)