Abstract
Security technology in computer network including anomaly detection is increasingly playing an important role in the government and protection of Internet along with its popularity. Anomaly detection uses data mining techniques to detect the unknown malicious behavior. Various hybrid approaches have been proposed in order to detect outliers more accurately recently. This paper proposes a novel hybrid of clusterings and graph to detect anomaly. We introduce a new holistic approach in a common bipartite scenario of users from intranet accessing to Internet that utilizes different types of clusterings for the individual feature data to find the outliers and then a graph model to take advantage of the relational data naming network to enhance anomaly detection. The framework solution has several advantages: taking consideration of individual feature data and relational data, keeping open to extend different types of clusterings, easily appending more domain knowledge.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agrawal, S., Agrawal, J.: Survey on anomaly detection using data mining techniques. Procedia Comput. Sci. 60, 708–713 (2015)
Ahmed, T., Oreshkin, B., Coates, M.: Machine learning approaches to network anomaly detection. In: Proceedings of the 2nd USENIX Workshop on Tackling Computer Systems Problems with Machine Learning Techniques, pp. 1–6 (2007)
Farid, D., Harbi, N., Rahman, M.: Combining naive bayes and decision tree for adaptive intrusion detection. arXiv preprint arXiv:1005.4496 (2010)
Gaddam, S., Phoha, V., Balagani, K.: K-Means+ ID3: a novel method for supervised anomaly detection by cascading K-Means clustering and ID3 decision tree learning methods. TKDE 19(3), 345–354 (2007)
Moore, D., Shannon, C., Brown, D., Voelker, G., Savage, S.: Inferring internet denial-of-service activity. ACM Trans. Comput. Syst. (TOCS) 24(2), 115–139 (2006)
Munson, A., Caruana, R.: Cluster ensembles for network anomaly detection. Technical report, Cornell University (2006)
Nachenberg, C., Wilhelm, J., Wright, A., Faloutsos, C.: Polonium: tera-scale graph mining and inference for malware detection (2011)
Peddabachigari, S., Abraham, A., Grosan, C., Thomas, J.: Modeling intrusion detection system using hybrid intelligent systems. J. Netw. Comput. Appl. 30(1), 114–132 (2007)
Rayana, S., Akoglu, L.: Collective opinion spam detection: bridging review networks and metadata. In: Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 985–994 (2015)
Yasami, Y., Mozaffari, S.: A novel unsupervised classification approach for network anomaly detection by k-Means clustering and ID3 decision tree learning methods. J. Supercomput. 53(1), 231–245 (2010)
Acknowledgement
The authors in this work are sponsored by the Fundamental Research Funds for the Central Universities, the Youth Science and Technology of Foundation of Shanghai (15YF1412600), the Shanghai Sailing Program (17YF1420500) and the National Natural Science Foundation Committee of China under contract no. 61202382.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Shi, Y., Wang, S., Zhao, Q., Li, J. (2017). A Hybrid Approach of HTTP Anomaly Detection. In: Song, S., Renz, M., Moon, YS. (eds) Web and Big Data. APWeb-WAIM 2017. Lecture Notes in Computer Science(), vol 10612. Springer, Cham. https://doi.org/10.1007/978-3-319-69781-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-69781-9_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69780-2
Online ISBN: 978-3-319-69781-9
eBook Packages: Computer ScienceComputer Science (R0)