Most anomaly detection methods can not be fit for the changing and complex network. High noise and updating normality profiles not in time will lead to high false alarm rate. In this paper, a new anomaly detection algorithm using improved hierarchy clustering, called ADIHC, is proposed in this paper. It applies an improved hierarchy clustering tree to organize clusters which are obtained by density-based partitioning method. We extend the clustering algorithm and apply branch and bound method for filtering noise. With the help of two advantages: filtering noise and updating normality profiles at any time, our algorithm is suitable for the changing and complex network. A series of experimental results on well known KDD Cup 1999 dataset indicate that ADIHC has superior performance of detection and meets more real-time requirements of intrusion detection system

• 出版日期2009
• 单位吉林大学