An Experimental Study on Instance Selection Schemes for Efficient Network Anomaly Detection

Li, Yang; Guo, Li; Fang, Bin-Xing; Liu, Xiang-Tao; Lin-Qi

doi:10.1007/978-3-642-04342-0_18

Yang Li^18,19,
Li Guo¹⁹,
Bin-Xing Fang¹⁹,
Xiang-Tao Liu¹⁹ &
…
Lin-Qi²⁰

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5758))

Included in the following conference series:

International Workshop on Recent Advances in Intrusion Detection

1667 Accesses
1 Altmetric

Abstract

Traditional researches on network anomaly detection have been solely focused on the detection algorithms, whereas an important issue that has not been well studied so far is the selection of normal training data for network anomaly detection algorithm, which is highly related to the detection performance and computational complexities. In this poster, we present two instance selection mechanism – EFCM (Enhanced Fuzzy C-Means) as well asGA (Genetic Algorithm) for network anomaly detection algorithm, aiming at limiting the size of training dataset, thus reducing the computational cost of them, as well as boosting their detection performance. We report our experimental results on several classic network anomaly detection algorithms by using the network traffic trace collected from a real network environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data. In: Proc. ADMCS 2002, pp. 78–99 (2002)
Google Scholar
Li, Y., Fang, B.X., Guo, L., Chen, Y.: Network Anomaly Detection Based on TCM-KNN Algorithm. In: Proc. ACM ASIACCS 2007, pp. 13–19 (2007)
Google Scholar

Download references

Author information

Authors and Affiliations

China Mobile Research Institute, Beijing, 100053, China
Yang Li
Institute of Computing Technology, Chinese Academy of Sciences, Beijing, 100190, China
Yang Li, Li Guo, Bin-Xing Fang & Xiang-Tao Liu
University of Maryland, 21226, USA
Lin-Qi

Authors

Yang Li
View author publications
You can also search for this author in PubMed Google Scholar
Li Guo
View author publications
You can also search for this author in PubMed Google Scholar
Bin-Xing Fang
View author publications
You can also search for this author in PubMed Google Scholar
Xiang-Tao Liu
View author publications
You can also search for this author in PubMed Google Scholar
Lin-Qi
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Institute Eurecom, 2229 Route des Cretes, 06560, Sophia-Antipolis Cedex, France
Engin Kirda & Davide Balzarotti &
Computer Sciences Department, University of Wisconsin, 53706, Madison, WI, USA
Somesh Jha

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Li, Y., Guo, L., Fang, BX., Liu, XT., Lin-Qi (2009). An Experimental Study on Instance Selection Schemes for Efficient Network Anomaly Detection. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_18

Download citation

DOI: https://doi.org/10.1007/978-3-642-04342-0_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04341-3
Online ISBN: 978-3-642-04342-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics