DOI: 10.1145/1363686.1364194
research-article

TCM-KNN scheme for network anomaly detection using feature-based optimizations

Published: 16 March 2008

Abstract

With the rapid increase of network threats and cyber attacks, the network security problem is becoming more and more serious. Network anomaly detection is a key technique for securing information systems and resisting cyber attacks. In this paper, we first propose an efficient network anomaly detection technique based on the TCM-KNN scheme. Second, we emphasize feature-based optimizations for our TCM-KNN. We employ feature selection and feature weight mechanisms to optimize TCM-KNN as a promising lightweight, on-line anomaly detection technique, both reducing its computational cost and boosting its detection performance. A series of experiments on the well-known intrusion detection dataset KDD Cup 1999 demonstrates the effectiveness of the methods presented in this paper.


      Published In

      SAC '08: Proceedings of the 2008 ACM symposium on Applied computing
      March 2008
      2586 pages
      ISBN:9781595937537
      DOI:10.1145/1363686
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. TCM-KNN algorithm
      2. anomaly detection
      3. feature selection
      4. feature weight
      5. network security

      Qualifiers

      • Research-article

      Conference

      SAC '08
      SAC '08: The 2008 ACM Symposium on Applied Computing
      March 16 - 20, 2008
      Fortaleza, Ceara, Brazil

      Acceptance Rates

      Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
