Abstract—This paper proposes a new clustering algorithm that continuously models a data stream. A set of features is used to represent the characteristics of an activity. For each feature, the proposed clustering algorithm for data streams identifies the clusters of feature values corresponding to the activities observed so far in an audit data stream. As a result, new activities of a user can be continuously reflected in the ongoing clustering result without physically maintaining any historical activity of that user.
Index Terms—Intrusion detection, anomaly detection, data mining, clustering, data stream.
Jinsuk Kang is with the Jangwee Research Institute of National Defence, Ajou University, South Korea (e-mail: jskang01@ajou.ac.kr).
Sanghyun Oh is with the Java Inc. Corp, South Korea.
Cite: Jinsuk Kang and Sanghyun Oh, "Anomaly Intrusion Detection based on Clustering a Data Stream," International Journal of Future Computer and Communication, vol. 1, no. 1, pp. 17-20, 2012.