Intrusion Alert Analysis Based on PCA and the LVQ Neural Network

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4234)

Abstract

We present a PCA-LVQ method and a balanced-training method for efficient intrusion alert clustering. For the network connection records in the rough 1999 DARPA intrusion dataset, we first obtain a purified, dimension-reduced dataset through Principal Component Analysis (PCA). We then use the Learning Vector Quantization (LVQ) neural network to perform intrusion alert clustering on the purified intrusion dataset. To the best of our knowledge, this is the first attempt to use the LVQ neural network and the PCA-LVQ model for intrusion alert clustering. The experimental results show that the PCA-LVQ model and the balanced-training method are effective: the time cost can be shortened by about three times and the detection accuracy can be raised to a higher level; in particular, the clustering accuracy rate for U2R and R2L alerts can be increased dramatically.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, JX., Wang, ZY., Kui-Dai (2006). Intrusion Alert Analysis Based on PCA and the LVQ Neural Network. In: King, I., Wang, J., Chan, LW., Wang, D. (eds) Neural Information Processing. ICONIP 2006. Lecture Notes in Computer Science, vol 4234. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11893295_25

  • DOI: https://doi.org/10.1007/11893295_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46484-6

  • Online ISBN: 978-3-540-46485-3

  • eBook Packages: Computer Science, Computer Science (R0)