Language selection

Government of Canada / Gouvernement du Canada

Search

VNSOptClust: a variable neighborhood search based approach for unsupervised anomaly detection

From National Research Council Canada

Download
  1. (PDF, 3.3 MiB)
AuthorSearch for: 1; Search for: 1
Affiliation
  1. National Research Council Canada. NRC Institute for Information Technology
FormatText, Article
ConferenceSecond International Conference on Modelling, Computation and Optimization in Information Systems and Management Sciences (MCO 2008), September 8-10, 2008, Metz, France
Subjectunsupervised learning; automatic partitional clustering; variable neighborhood search; unsupervised anomaly detection
Abstract
In this paper, we present a new algorithm, VNSOptClust, for automatic clustering. The VNSOptClust algorithm exploits the basic Variable Neighborhood Search metaheuristic to allow clustering solutions to get out of local optimality with a poor value; it considers the statistic nature of data distribution to find an optimal solution with no dependency on the initial partition; it utilizes a cluster validity index as an objective function to obtain a compact and well-separated clustering result. As an application for unsupervised Anomaly Detection, our experiments show that (i) VNSOptClust has obtained an average detection rate of 71.2% with an acceptably low false positive rate of 0.9%; (ii) VNSOptClust can detect the majority of unknown attacks from each at.tack category, especially, it can detect 84% of the DOS attacks. It appears that VNSOptClust is a promising clustering method in automatically detecting unknown intrusions.
Publication date
In
  • Second International Conference on Modelling, Computation and Optimization in Information Systems and Management Sciences (MCO 2008) [Proceedings].
LanguageEnglish
NRC numberNRCC 50406
NPARC number8914445
Export citationExport as RIS
Report a correctionReport a correction (opens in a new tab)
Record identifiercd4f2c5e-f49d-4c89-a0ca-992a0d72edcd
Record created2009-04-22
Record modified2024-03-06
Date modified: