A novel unsupervised anomaly detection method based on improved CURE clustering algorithm was presented. By improving this algorithm, the better clusters could be obtained and the performance of the algorithm wasn't changed. These clusters offered the more purely normal data to build normal model. A novel hyper-rectangle-based modeling algorithm was used and it helped to detect intrusions quickly and accurately. Using KDD CUP99 data sets, the experiment result shows that this method can detect known intrusions and unknown intrusions efficiently in the network connections.

• 出版日期2010
• 单位北京邮电大学