Research and Implementation of Unsupervised Clustering-Based Intrusion Detection

作     者：Luo Min, Zhang Huan\|guo, Wang Li\|na School of Computer, Wuhan University, Wuhan 430072, Hubei, China 

作者机构：School of Computer Wuhan University Wuhan Hubei China 

出 版 物：《Wuhan University Journal of Natural Sciences》 (武汉大学学报（自然科学英文版）)

年 卷 期：2003年第8卷第3A期

页      面：803-807页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 

基　　金：theNationalNaturalScienceFoundationofChina (90 1 0 4 0 0 5 90 2 0 4 0 1 1 ) 

主　　题：intrusion detection data mining unsupervised clustering unlabeled data 

摘      要：An unsupervised clustering\|based intrusion detection algorithm is discussed in this paper. The basic idea of the algorithm is to produce the cluster by comparing the distances of unlabeled training data sets. With the classified data instances, anomaly data clusters can be easily identified by normal cluster ratio and the identified cluster can be used in real data detection. The benefit of the algorithm is that it doesn t need labeled training data sets. The experiment concludes that this approach can detect unknown intrusions efficiently in the real network connections via using the data sets of KDD99.