Network anomaly detection using unsupervised feature selection and density peak clustering

Xiejun Ni; Daojing He; Sammy Chan; Farooq Ahmad

doi:10.1007/978-3-319-39555-5_12

Network anomaly detection using unsupervised feature selection and density peak clustering

Xiejun Ni
, Daojing He^*
, Sammy Chan
, Farooq Ahmad

^*Corresponding author for this work

East China Normal University
City University of Hong Kong
COMSATS University Islamabad

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

Intrusion detection systems (IDSs) play a significant role to effectively defend our crucial computer systems or networks against attackers on the Internet. Anomaly detection is an effective way to detect intrusion, which can discover patterns that do not conform to expected behavior. The mainstream approaches of ADS (anomaly detection system) are using data mining technology to automatically extract normal pattern and abnormal ones from a large set of network data and distinguish them from each other. However, supervised or semi-supervised approaches in data mining rely on data label information. This is not practical when the network data is large-scale. In this paper, we propose a two-stage approach, unsupervised feature selection and density peak clustering to tackle label lacking situations. First, the density-peak based clustering approach is introduced for network anomaly detection, which considers both distance and density nature of data. Second, to achieve better performance of clustering process, we use maximal information coefficient and feature clustering to remove redundant and irrelevant features. Experimental results show that our method can get rid of useless features of high-dimensional data and achieves high detection accuracy and efficiency in the meanwhile.

Original language	English
Title of host publication	Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings
Editors	Mark Manulis, Steve Schneider, Ahmad-Reza Sadeghi
Publisher	Springer Verlag
Pages	212-227
Number of pages	16
ISBN (Print)	9783319395548
DOIs	https://doi.org/10.1007/978-3-319-39555-5_12
State	Published - 2016
Externally published	Yes
Event	14th International Conference on Applied Cryptography and Network Security, ACNS 2016 - Guildford, United Kingdom Duration: 19 Jun 2016 → 22 Jun 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9696
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Applied Cryptography and Network Security, ACNS 2016
Country/Territory	United Kingdom
City	Guildford
Period	19/06/16 → 22/06/16

Keywords

Anomaly detection
Data mining
Density peak clustering
Feature selection
Maximal information coefficient

Access to Document

10.1007/978-3-319-39555-5_12

Cite this

Ni, X., He, D., Chan, S., & Ahmad, F. (2016). Network anomaly detection using unsupervised feature selection and density peak clustering. In M. Manulis, S. Schneider, & A.-R. Sadeghi (Eds.), Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings (pp. 212-227). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9696). Springer Verlag. https://doi.org/10.1007/978-3-319-39555-5_12

Ni, Xiejun ; He, Daojing ; Chan, Sammy et al. / Network anomaly detection using unsupervised feature selection and density peak clustering. Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings. editor / Mark Manulis ; Steve Schneider ; Ahmad-Reza Sadeghi. Springer Verlag, 2016. pp. 212-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7996eb03da4743ec9d8e849f2fe4c080,

title = "Network anomaly detection using unsupervised feature selection and density peak clustering",

abstract = "Intrusion detection systems (IDSs) play a significant role to effectively defend our crucial computer systems or networks against attackers on the Internet. Anomaly detection is an effective way to detect intrusion, which can discover patterns that do not conform to expected behavior. The mainstream approaches of ADS (anomaly detection system) are using data mining technology to automatically extract normal pattern and abnormal ones from a large set of network data and distinguish them from each other. However, supervised or semi-supervised approaches in data mining rely on data label information. This is not practical when the network data is large-scale. In this paper, we propose a two-stage approach, unsupervised feature selection and density peak clustering to tackle label lacking situations. First, the density-peak based clustering approach is introduced for network anomaly detection, which considers both distance and density nature of data. Second, to achieve better performance of clustering process, we use maximal information coefficient and feature clustering to remove redundant and irrelevant features. Experimental results show that our method can get rid of useless features of high-dimensional data and achieves high detection accuracy and efficiency in the meanwhile.",

keywords = "Anomaly detection, Data mining, Density peak clustering, Feature selection, Maximal information coefficient",

author = "Xiejun Ni and Daojing He and Sammy Chan and Farooq Ahmad",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 14th International Conference on Applied Cryptography and Network Security, ACNS 2016 ; Conference date: 19-06-2016 Through 22-06-2016",

year = "2016",

doi = "10.1007/978-3-319-39555-5\_12",

language = "英语",

isbn = "9783319395548",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "212--227",

editor = "Mark Manulis and Steve Schneider and Ahmad-Reza Sadeghi",

booktitle = "Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings",

address = "德国",

}

Ni, X, He, D, Chan, S & Ahmad, F 2016, Network anomaly detection using unsupervised feature selection and density peak clustering. in M Manulis, S Schneider & A-R Sadeghi (eds), Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9696, Springer Verlag, pp. 212-227, 14th International Conference on Applied Cryptography and Network Security, ACNS 2016, Guildford, United Kingdom, 19/06/16. https://doi.org/10.1007/978-3-319-39555-5_12

Network anomaly detection using unsupervised feature selection and density peak clustering. / Ni, Xiejun; He, Daojing; Chan, Sammy et al.
Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings. ed. / Mark Manulis; Steve Schneider; Ahmad-Reza Sadeghi. Springer Verlag, 2016. p. 212-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9696).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Network anomaly detection using unsupervised feature selection and density peak clustering

AU - Ni, Xiejun

AU - He, Daojing

AU - Chan, Sammy

AU - Ahmad, Farooq

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2016.

PY - 2016

Y1 - 2016

N2 - Intrusion detection systems (IDSs) play a significant role to effectively defend our crucial computer systems or networks against attackers on the Internet. Anomaly detection is an effective way to detect intrusion, which can discover patterns that do not conform to expected behavior. The mainstream approaches of ADS (anomaly detection system) are using data mining technology to automatically extract normal pattern and abnormal ones from a large set of network data and distinguish them from each other. However, supervised or semi-supervised approaches in data mining rely on data label information. This is not practical when the network data is large-scale. In this paper, we propose a two-stage approach, unsupervised feature selection and density peak clustering to tackle label lacking situations. First, the density-peak based clustering approach is introduced for network anomaly detection, which considers both distance and density nature of data. Second, to achieve better performance of clustering process, we use maximal information coefficient and feature clustering to remove redundant and irrelevant features. Experimental results show that our method can get rid of useless features of high-dimensional data and achieves high detection accuracy and efficiency in the meanwhile.

AB - Intrusion detection systems (IDSs) play a significant role to effectively defend our crucial computer systems or networks against attackers on the Internet. Anomaly detection is an effective way to detect intrusion, which can discover patterns that do not conform to expected behavior. The mainstream approaches of ADS (anomaly detection system) are using data mining technology to automatically extract normal pattern and abnormal ones from a large set of network data and distinguish them from each other. However, supervised or semi-supervised approaches in data mining rely on data label information. This is not practical when the network data is large-scale. In this paper, we propose a two-stage approach, unsupervised feature selection and density peak clustering to tackle label lacking situations. First, the density-peak based clustering approach is introduced for network anomaly detection, which considers both distance and density nature of data. Second, to achieve better performance of clustering process, we use maximal information coefficient and feature clustering to remove redundant and irrelevant features. Experimental results show that our method can get rid of useless features of high-dimensional data and achieves high detection accuracy and efficiency in the meanwhile.

KW - Anomaly detection

KW - Data mining

KW - Density peak clustering

KW - Feature selection

KW - Maximal information coefficient

UR - https://www.scopus.com/pages/publications/84977572181

U2 - 10.1007/978-3-319-39555-5_12

DO - 10.1007/978-3-319-39555-5_12

M3 - 会议稿件

AN - SCOPUS:84977572181

SN - 9783319395548

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 212

EP - 227

BT - Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings

A2 - Manulis, Mark

A2 - Schneider, Steve

A2 - Sadeghi, Ahmad-Reza

PB - Springer Verlag

T2 - 14th International Conference on Applied Cryptography and Network Security, ACNS 2016

Y2 - 19 June 2016 through 22 June 2016

ER -

Ni X, He D, Chan S, Ahmad F. Network anomaly detection using unsupervised feature selection and density peak clustering. In Manulis M, Schneider S, Sadeghi AR, editors, Applied Cryptography and Network Security - 14th International Conference, ACNS 2016, Proceedings. Springer Verlag. 2016. p. 212-227. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-39555-5_12

Network anomaly detection using unsupervised feature selection and density peak clustering

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this