Abstract
In recent decades, many intrusion detection systems (IDSs) have been proposed to enhance the security of networks. One class of IDSs is based on clustering network traffic into normal and abnormal according to some features of the connections. The distance function selected to measure the similarity and dissimilarity of sessions' features affects the performance of clustering-based IDSs. The most popular distance metric used in designing these IDSs is the Euclidean distance function. In this paper, we argue that more appropriate distance functions can be deployed for IDSs. We propose a method of learning an appropriate distance function according to a set of supervision information. This metric is derived by solving a semi-definite optimization problem, which attempts to decrease the distance between similar feature vectors and increase the distance between dissimilar ones. The evaluation of this scheme over the Kyoto2006+ dataset shows that the new distance metric can improve the performance of a support vector machine (SVM) clustering-based IDS in terms of normal detection and false positive rates.
Original language | English |
---|---|
Title of host publication | 2015 The International Symposium on Artificial Intelligence and Signal Processing (AISP) |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 284-289 |
Number of pages | 6 |
ISBN (Electronic) | 978-1-4799-8818-1 |
DOIs | |
Publication status | Published - 15 Jun 2015 |
Externally published | Yes |
Event | 2015 International Symposium on Artificial Intelligence and Signal Processing - Mashhad, Iran, Islamic Republic of; Duration: 3 Mar 2015 → 5 Mar 2015 |
Publication series
Name | Proceedings of the International Symposium on Artificial Intelligence and Signal Processing, AISP 2015 |
---|---|
Conference
Conference | 2015 International Symposium on Artificial Intelligence and Signal Processing |
---|---|
Abbreviated title | AISP |
Country/Territory | Iran, Islamic Republic of |
City | Mashhad |
Period | 3/03/15 → 5/03/15 |
Bibliographical note
Publisher Copyright: © 2015 IEEE.
Keywords
- Anomaly detection
- Clustering Algorithms
- Intrusion detection system
- Metric learning
ASJC Scopus subject areas
- Artificial Intelligence
- Signal Processing