Optimized clustering for anomaly intrusion detection

Sang Hyun Oh, Won Suk Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)


Although conventional clustering algorithms have been used to classify the data objects in a data set into groups of similar data objects based on data similarity, they can also be employed to extract common knowledge, i.e., the properties of similar data objects that commonly appear in a set of transactions. The common knowledge of the activities in the transactions of a user is represented by the occurrence frequency of similar activities, counted per transaction, as well as the repetitive ratio of similar activities in each transaction. This paper proposes an optimized clustering method for modeling the normal pattern of a user's activities. It also addresses how to determine the optimal values of the clustering parameters for a user and how to maintain the identified common knowledge as a concise profile. As a result, the method can be used to detect anomalous behavior in an online transaction of the user.

Original language: English
Title of host publication: Advances in Knowledge Discovery and Data Mining
Editors: Kyu-Young Wang, Jongwoo Jeon, Kyuseok Shim, Jaideep Srivastava
Publisher: Springer Verlag
Number of pages: 6
ISBN (Electronic): 3540047603, 9783540047605
Publication status: Published - 2003
Event: 7th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2003 - Seoul, Korea, Republic of
Duration: 2003 Apr 30 to 2003 May 2

Publication series

Name: Lecture Notes in Artificial Intelligence (Subseries of Lecture Notes in Computer Science)
ISSN (Print): 0302-9743


Other: 7th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2003
Country/Territory: Korea, Republic of

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2003.

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

