Outlier detection with double-sided control mechanism and different priority weight values for network security


Doğan Y., Dalkılıç G.

2010 2nd WRI World Congress on Software Engineering, WCSE 2010, Wuhan, China, 19 - 20 December 2010, vol.2, pp.130-133

  • Publication Type: Conference Paper / Full Text
  • Volume: 2
  • Doi Number: 10.1109/wcse.2010.142
  • City: Wuhan
  • Country: China
  • Page Numbers: pp.130-133
  • Keywords: K-nearest neighbor clustering and classification, Network security and similarity measurement, Outlier detection
  • Dokuz Eylül University Affiliated: Yes

Abstract

A server needs strong security systems. To this end, data mining paradigms such as outlier detection, clustering and classification bring a new perspective to network security. This study uses the K-Nearest Neighbor (KNN) algorithm for clustering and classification. The KNN algorithm needs a data warehouse that represents user profiles in order to cluster them. Therefore, requested time intervals and requested IPs, with text mining, are used for user profiles. Users in the network are clustered by calculating the optimum k and threshold parameters of the KNN algorithm. Finally, over these clusters, new requests are separated as outlier or normal by different threshold values with different priority weight values and average similarities with different priority weight values. © 2010 IEEE.