Intrusion Detection based on Clustering a Data Stream

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Sang-Hyun Oh Articles by Jin-Suk Kang Articles by Yung-Cheol Byun Articles by Gyung-Leen Park Articles by Sang-Yong Byun

Third ACIS Int'l Conference on Software Engineering Research, Management and Applications (SERA'05)

Central Michigan University, Mount Pleasant, Michigan

August 11-August 13

ISBN: 0-7695-2297-1

	ASCII Text	x
	Sang-Hyun Oh, Jin-Suk Kang, Yung-Cheol Byun, Gyung-Leen Park, Sang-Yong Byun, "Intrusion Detection based on Clustering a Data Stream," Software Engineering Research, Management and Applications, ACIS International Conference on, pp. 220-227, Third ACIS Int'l Conference on Software Engineering Research, Management and Applications (SERA'05), 2005.

	BibTex	x
	@article{ 10.1109/SERA.2005.49, author = {Sang-Hyun Oh and Jin-Suk Kang and Yung-Cheol Byun and Gyung-Leen Park and Sang-Yong Byun}, title = {Intrusion Detection based on Clustering a Data Stream}, journal ={Software Engineering Research, Management and Applications, ACIS International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2297-1}, pages = {220-227}, doi = {http://doi.ieeecomputersociety.org/10.1109/SERA.2005.49}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Software Engineering Research, Management and Applications, ACIS International Conference on TI - Intrusion Detection based on Clustering a Data Stream SN - 0-7695-2297-1 SP220 EP227 A1 - Sang-Hyun Oh, A1 - Jin-Suk Kang, A1 - Yung-Cheol Byun, A1 - Gyung-Leen Park, A1 - Sang-Yong Byun, PY - 2005 KW - null VL - 0 JA - Software Engineering Research, Management and Applications, ACIS International Conference on ER -

Sang-Hyun Oh, Yonsei Univ., Korea

Jin-Suk Kang, Kunsan National Univ., Korea

Yung-Cheol Byun, Cheju National Univ., Korea

Gyung-Leen Park, Cheju National Univ., Korea

Sang-Yong Byun, Cheju National Univ., Korea

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SERA.2005.49

In anomaly intrusion detection, how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior as a profile, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes a new clustering algorithm which continuously models a data stream. A set of features is used to represent the characteristics of an activity. For each feature, the clusters of feature values corresponding to activities observed so far in an audit data stream are identified by the proposed clustering algorithm for data streams. As a result, without maintaining any historical activity of a user physically, new activities of the user can be continuously reflected to the on-going result of clustering.

Citation:

Sang-Hyun Oh, Jin-Suk Kang, Yung-Cheol Byun, Gyung-Leen Park, Sang-Yong Byun, "Intrusion Detection based on Clustering a Data Stream," sera, pp.220-227, Third ACIS Int'l Conference on Software Engineering Research, Management and Applications (SERA'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.