A Pre-clustering Method To Improve Anomaly Detection

Denis Hock, Martin Kappes, Bogdan Ghita

2016

Abstract

While Anomaly Detection is commonly accepted as an appropriate technique to uncover yet unknown network misuse patterns and malware, detection rates are often diminished by, e.g., unpredictable user behavior, new applications and concept changes. In this paper, we propose and evaluate the benefits of using clustering methods for data preprocessing in Anomaly Detection in order to improve detection rates even in the presence of such events. We study our pre-clustering approach for different features such as IP addresses, traffic characteristics and application layer protocols. Our results, obtained by analyzing detection rates for real network traffic with actual intrusions, indicate that our approach does indeed significantly improve detection rates and, moreover, is practically feasible.

Paper Citation


in Harvard Style

Hock D., Kappes M. and Ghita B. (2016). A Pre-clustering Method To Improve Anomaly Detection. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016), ISBN 978-989-758-196-0, pages 391-396. DOI: 10.5220/0005953003910396

in Bibtex Style

@conference{secrypt16,
author={Denis Hock and Martin Kappes and Bogdan Ghita},
title={A Pre-clustering Method To Improve Anomaly Detection},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={391-396},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005953003910396},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - A Pre-clustering Method To Improve Anomaly Detection
SN - 978-989-758-196-0
AU - Hock D.
AU - Kappes M.
AU - Ghita B.
PY - 2016
SP - 391
EP - 396
DO - 10.5220/0005953003910396