VNSOptClust: a Variable Neighborhood Search Based Approach for Unsupervised Anomaly Detection

  1. (PDF, 2 MB)
AuthorSearch for: ; Search for:
ConferenceThe Second International Conference on Modelling, Computation and Optimization in Information Systems and Management Sciences (MCO 2008), September 8-10, 2008., Metz, France
Subjectunsupervised learning; automatic partitional clustering; variable neighborhood search; unsupervised anomaly detection; partitionnement automatique; recherche à voisinage variable; détection d'anomalie non supervisée
AbstractIn this paper, we present a new algorithm, VNSOptClust, for automatic clustering. The VNSOptClust algorithm exploits the basic Variable Neighborhood Search metaheuristic to allow clustering solutions to get out of local optimality with a poor value; it considers the statistic nature of data distribution to find an optimal solution with no dependency on the initial partition; it utilizes a cluster validity index as an objective function to obtain a compact and well-separated clustering result. As an application for unsupervised Anomaly Detection, our experiments show that (i) VNSOptClust has obtained an average detection rate of 71.2% with an acceptably low false positive rate of 0.9%; (ii) VNSOptClust can detect the majority of unknown attacks from each at.tack category, especially, it can detect 84% of the DOS attacks. It appears that VNSOptClust is a promising clustering method in automatically detecting unknown intrusions.
Publication date
AffiliationNRC Institute for Information Technology; National Research Council Canada
Peer reviewedNo
NRC number50406
NPARC number8914445
Export citationExport as RIS
Report a correctionReport a correction
Record identifiercd4f2c5e-f49d-4c89-a0ca-992a0d72edcd
Record created2009-04-22
Record modified2016-05-09
Bookmark and share
  • Share this page with Facebook (Opens in a new window)
  • Share this page with Twitter (Opens in a new window)
  • Share this page with Google+ (Opens in a new window)
  • Share this page with Delicious (Opens in a new window)
Date modified: