Cluster Ensembles for Network Anomaly Detection

Abstract
Cluster ensembles aim to find better, more natural clusterings by combining multiple clusterings. We apply ensemble clustering to anomaly detection, hypothesizing that multiple views of the data will improve the detection of attacks. Each clustering rates how anomalous a point is; ratings are combined by averaging or by taking the minimum, the maximum, or the median score. The evaluation shows that taking the median prediction from the cluster ensemble results in better performance than single clusterings. Surprisingly, averaging the individual predictions a) leads to worse performance than that of individual clusterings, and b) performs identically to taking the minimum prediction from the ensemble. This counter-intuitive result stems from asymmetric prediction distributions.
Date Issued
2006-09-28
Publisher
Cornell University
Keywords
computer science; technical report
Previously Published As
http://techreports.library.cornell.edu:8081/Dienst/UI/1.0/Display/cul.cis/TR2006-2047
Types
technical report