การประยุกต์ใช้เทคโนโลยีการระบุสิ่งผิดปกติในระบบตรวจจับการบุกรุกเครือข่าย
Article Sidebar
เผยแพร่แล้ว:
ส.ค. 2, 2018
คำสำคัญ:
ระบบตรวจจับการบุกรุกเครือข่าย การระบุสิ่งผิดปกติ การจัดกลุ่มข้อมูล การรวบรวมผลวิเคราะห์ย่อย
Main Article Content
บทคัดย่อ
สถานการณ์ในปัจจุบันอันเกี่ยวเนื่องกับการรักษาความมั่นคงปลอดภัยไซเบอร์ ทั้งภายใน ประเทศและเหตุการณ์โจมตีเครือข่ายขององค์กรในประเทศต่างๆ ทั่วโลก เป็นการยืนยันถึงภัยคุกคามประเภทใหม่นี้ อีกทั้งยังมีผลกระทบต่อทรัพยากรขององค์กร และส่วนบุคคล ปัญหาดังกล่าวมีแนวโน้ม ที่จะทวีความรุนแรงยิ่งขึ้น โดยเฉพาะในช่วงการขับเคลื่อนประเทศไทยสู่ยุคเศรษฐกิจดิจิตอล ภาครัฐได้ตระหนักและให้ความสำคัญกับการแก้ไขปัญหาอาชญากรรมนี้อย่างจริงจัง โดยมีการร่างยุทธศาสตร์ การวิจัยปี พ.ศ.2556-2560 ในรายประเด็นการรักษาความมั่นคงปลอดภัยไซเบอร์ เป็นแนวทางสนับสนุนงานวิจัยและการพัฒนานวัตกรรม ที่เป็นประโยชน์ต่อสาธารณะ สามารถแก้ไขปัญหาอาชญากรรมไซเบอร์รูปแบบต่างๆ ได้อย่างเป็นรูปธรรมและยั่งยืน หนึ่งในงานวิจัยที่ได้รับการศึกษาอย่างกว้างขวางคือ ระบบตรวจจับการบุกรุกเครือข่าย (network intrusion detection system: NIDS) ซึ่ง ทำหน้าที่วิเคราะห์หน่วยข้อมูลการสื่อสารที่เกิดขึ้น ในเครือข่ายเพื่อหารูปแบบที่สื่อถึงการบุกรุก จากนั้นแจ้งเตือนให้ผู้ใช้ได้ตัดสิน ตกลงใจต่อไป ระบบส่วนใหญ่ที่ใช้งาน ในปัจจุบันจะรองรับเฉพาะกรณีของรูปแบบที่ได้มีการบันทึกแล้วในอดีต แต่ยังไม่สามารถตรวจจับการโจมตีรูปแบบใหม่ได้ จึงเกิดแนวคิดการประยุกต์ใช้หลักการระบุสิ่งผิดปกติขึ้นเพื่อเพิ่มความยืดหยุ่นของระบบต่อการเปลี่ยนแปลงของสภาพแวดล้อม บทความนี้มีจุดมุ่งหมายที่จะนำเสนอทฤษฎีและความรู้พื้นฐานของการโจมตี ระบบตรวจจับ การบุกรุกและลักษณะของการประยุกต์ใช้การระบุสิ่งผิดปกติเพื่อแก้ไขปัญหาข้างต้น นอกจากนั้นยังได้นำเสนอทิศทางการวิจัย ที่จะเกิดขึ้นในอนาคตพร้อมความสอดคล้องของงานวิจัยที่จะเกิดขึ้นกับนโยบายของภาครัฐ ตามลำดับ
Article Details
รูปแบบการอ้างอิง
[1]
เอี่ยมอ่อน ณ., บุญเกิน ท., และ ปั้นทอง น., “การประยุกต์ใช้เทคโนโลยีการระบุสิ่งผิดปกติในระบบตรวจจับการบุกรุกเครือข่าย”, NKRAFA J.Sci Technol., ปี 12, ฉบับที่ 1, น. 64–81, ส.ค. 2018.
ประเภทบทความ
บทความวิจัย
- เนื้อหาและข้อมูลในบทความที่ตีพิมพ์ในวารสารวิทยาศาสตร์และเทคโนโลยีนายเรืออากาศ ถือเป็นข้อคิดเห็นและความรับผิดชอบของผู้เขียนบทความโดยตรง กองบรรณาธิการวารสาร ไม่จำเป็นต้องเห็นด้วย หรือร่วมรับผิดชอบใด ๆ
- บทความ ข้อมูล เนื้อหา รูปภาพ ฯลฯ ที่ได้รับการตีพิมพ์ในวารสารวิทยาศาสตร์และเทคโนโลยีนายเรืออากาศถือเป็นลิขสิทธิ์ของวารสารวิทยาศาสตร์และเทคโนโลยีนายเรืออากาศ หากบุคคลหรือหน่วยงานใดต้องการนำทั้งหมดหรือส่วนหนึ่งส่วนใดไปเผยแพร่ หรือเพื่อกระทำการใด ๆ จะต้องได้รับอนุญาตเป็นลายลักอักษรณ์จากวารสารวิทยาศาสตร์และเทคโนโลยีนายเรืออากาศ ก่อนเท่านั้น
เอกสารอ้างอิง
[1] The 2015 Household Survey on the Use of Information and Communication Technology, National Statistical Office, Ministry of Information and Communication Technology, 2015.
[2] Mcafee: Estimating the Global Cost of Cybercrime 2014, www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf [Accessed on 1 June 2016].
[3] A. Sundaram. An introduction to intrusion detection. Crossroads, 2( 4): 3–7, 1996.
[4] J.P. Anderson. Computer Security Threat Monitoring and Surveillance. James P Anderson Co, Fort Washington, Pennsylvania, Tech. Rep., April 1980.
[5] V. Chandola, A. Banerjee, and V. Kumar. Anomaly Detection: A Survey. ACM Computing Surveys, 41(3): 15/1–15/58, 2009.
[6] N.K. Ampah, C.M. Akujuobi, M.N.O. Sadiku, and S. Alam. An intrusion detection technique based on continuous binary communication channels. International Journal of Security and Networks, 6(2-3): 174–180, 2011.
[7] F.Y. Edgeworth. On discordant observations. Philosophy Mag., 23(5):364–375, 1987.
[8] A. Patcha and J.M. Park. An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks, 51(12):3448–3470, 2007.
[9] P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez. Anomaly-based network intrusion detection: techniques, systems and challenges. Computers & Security, 28(1-2): 18–28, 2009.
[10] H.G. Kayacik, A.N. Zincir-Heywood, and M.I. Heywood. Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets. In Proceedings of Annual Conference on Privacy, Security and Trust, 2005.
[11] A.A. Ghorbani, W. Lu, and M. Tavallaee. Network Intrusion Detection and Prevention: Concepts and Techniques. Advances in Information Security. Springer-Verlag, 2009.
[12] R. Heady, G. Luger, A. Maccabe, and M. Servilla. The Architecture of a Network Level Intrusion Detection System. Computer Science Department, University of New Mexico, Tech. Rep. TR-90, 1990.
[13] Wikimedia: Intrusion detection system. http://en. wikipedia.org/wiki/Intrusion-detection-system [Accessed on 13 Aug 2016].
[14] M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita. Surveying Port Scans and Their Detection Methodologies. The Computer Journal, 54(10): 1565–1581, 2011.
[15] V. Kumar. Parallel and distributed computing for cyber security. IEEE Distributed Systems Online, 6(10), 2005.
[16] M.Thottan and C. Ji. Anomaly detection in IP networks. IEEE Trans. Signal Process, 51(8): 2191–2204, 2003.
[17] P.N. Tan, M. Steinbach, and V. Kumar. Introduction to Data Mining. Addison-Wesley, 2005.
[18] S.H. Cha. Comprehensive Survey on Distance/Similarity Measures between Probability Density Functions. International Journal of Mathematical Models and Methods in Applied Science, 1(4):300–307, 2007.
[19] M.V. Joshi, R.C. Agarwal, and V. Kumar. Mining needle in a haystack: classifying rare classes via two-phase rule induction. In Proceedings of ACM SIGKDD International Conference on Knowledge Discovery and Data Mining: 293–298, 2001.
[20] J. Theiler and D.M. Cai. Resampling approach for anomaly detection in multispectral images. In Proceedings of SPIE: 230–240, 2003.
[21] R. Fujimaki, T. Yairi, and K. Machida. An approach to spacecraft anomaly detection problem using kernel feature space. In Proceedings of ACM SIGKDD International Conference on Knowledge Discovery in Data Mining: 401–410, 2005.
[22] F.J. Anscombe and I. Guttman. Rejection of outliers. Technometrics, 2(2): 123–147, 1960.
[23] E. Eskin. Anomaly detection over noisy data using learned probability distributions. In Proceedings of International Conference on Machine Learning: 255–262, 2000.
[24] M. Desforges, P. Jacob, and J. Cooper. Applications of probability density estimation to the detection of abnormal conditions in engineering. In Proceedings of Institute of Mechanical Engineers, 687–703, 1998.
[25] C. Manikopoulos and S. Papavassiliou. Network Intrusion and Fault Detection: A Statistical Anomaly Approach. IEEE Communication Magazine, 40(10):76–82, 2002.
[26] P.K. Chan, M.V. Mahoney, and M.H. Arshad. A machine learning approach to anomaly detection. Department of Computer Science, Florida Institute of Technology, Tech. Rep. CS-2003-06, 2003.
[27] M.V. Mahoney and P.K. Chan. Learning rules for anomaly detection of hostile network traffic. In Proceedings of IEEE International Conference on Data Mining: 601-604, 2003.
[28] K. Wang and S.J. Stolfo. Anomalous Payload-Based Network Intrusion Detection. In Proceedings of Recent Advances in Intrusion Detection: 203–222, 2004.
[29] X. Song, M. Wu, C. Jermaine, and S. Ranka. Conditional Anomaly Detection. IEEE Transactions on Knowledge and Data Engineering, 19: 631–645, 2007.
[30] P. Chhabra, C. Scott, E.D. Kolaczyk, and M. Crovella. Distributed Spatial Anomaly Detection. In Proceedings of IEEE International Conference on Computer Communications: 1705–1713, 2008.
[31] W. Lu and A.A. Ghorbani. Network Anomaly Detection Based on Wavelet Analysis. EURASIP Journal of Advances in Signal Processing, 2009(837601), 2009.
[32] F.S. Wattenberg, J. I.A. Perez, P.C. Higuera, M.M. Fernandez, and I.A. Dimitriadis. Anomaly Detection in Network Traffic Based on Statistical Inference and α-Stable Modeling. IEEE Transactions on Dependable Secure Computing, 8(4): 494–509, 2011.
[33] M. Yu. A Nonparametric Adaptive CUSUM Method And Its Application In Network Anomaly Detection. Int. Journal of Advancements in Computing Technology, 4(1): 280–288, 2012.
[34] W. Lu and H. Tong. Detecting Network Anomalies Using CUSUM and EM Clustering. In Proceedings of International Symposium on Advances in Computation & Intelligence: 297–308, 2009.
[35] M.A. Qadeer, A. Iqbal, M. Zahid, and M.R. Siddiqui. Network Traffic Analysis and Intrusion Detection Using Packet Sniffer. In Proceedings of International Conference on Communication Software and Networks: 313–317, 2010.
[36] I. Kang, M.K. Jeong, and D. Kong. A differentiated one-class classification method with applications to intrusion detection. Expert Systems with Applications, 39(4): 3899–3905, 2012.
[37] C. Wagner, J. Francois, R. State, and T. Engel. Machine Learning Approach for IP-Flow Record Anomaly Detection. In Proceedings of International IFIP conference on Networking: 28–39, 2011.
[38] Z. Muda, W. Yassin, M.N. Sulaiman, and N.I. Udzir. A K-means and naive bayes learning approach for better intrusion detection. Information Technology Journal, 10(3): 648–655, 2011.
[39] M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita. RODD: An Effective Reference-Based Outlier Detection Technique for Large Datasets. Advanced Computing, 133: 76–84, 2011.
[40] C. Zhang, G. Zhang, and S. Sun. A Mixed Unsupervised Clustering-Based Intrusion Detection Model. In Proceedings of International Conference on Genetic and Evolutionary Computing: 426–428, 2009.
[41] P. Casas, J. Mazel, and P. Owezarski. Unsupervised network intrusion detection systems: detecting unknown without knowledge. Computer Communications, 35(7): 772–783, 2012.
[42] Z. Zhuang, Y. Li, and Z. Chen. Enhancing intrusion detection system with proximity information. International Journal of Security and Networks, 5(4): 207–219, 2010.
[43] M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita. NADO: network anomaly detection using outlier approach. In Proceedings of ACM International Conference on Communication, Computing and Security: 531–536, 2011.
[44] Z. Chen and C. Chen. A Closed-Form Expression for Static Worm- Scanning Strategies. In Proceedings of IEEE International Conference on Communications: 1573– 1577, 2008.
[45] F. Geramiraz, A.S. Memaripour, and M. Abbaspour. Adaptive Anomaly-Based Intrusion Detection System Using Fuzzy Controller. International Journal of Network Security, 14(6): 352–361, 2012.
[46] S. Mabu, C. Chen, N. Lu, K. Shimada, and K. Hirasawa. An Intrusion-Detection model based on fuzzy class-association-rule mining using genetic programming. IEEE Transactions on System, Man and Cybernetics, Part C, 41(1): 130–139, 2011.
[47] A.O. Adetunmbi, S.O. Falaki, O.S. Adewale, and B.K. Alese. Network Intrusion Detection based on Rough Set and k-Nearest Neighbour. International Journal of Computing and ICT Research, 2(1): 60–66, 2008.
[48] R.C. Chen, K.F. Cheng, Y.H. Chen, and C.F. Hsieh. Using Rough Set and Support Vector Machine for Network Intrusion Detection System. In Proceedings of Asian Conference on Intelligent Information and Database Systems: 465–470, 2009.
[49] A. Visconti and H. Tahayori. Artificial immune system based on interval type-2 fuzzy set paradigm. Applied Soft Computing, 11(6): 4055–4063, 2011.
[50] J.M. Estevez-Tapiador, P. Garcya-Teodoro, and J. E. Dyaz-Verdejo. Stochastic protocol modeling for anomaly based network intrusion detection. In Proceedings of International Workshop on Information Assurance: 3–12, 2003.
[51] A. Shabtai, U. Kanonov, and Y. Elovici. Intrusion detection for mobile devices using the knowledge-based, temporal abstraction
method. Journal of System Software, 83(8): 1524–1537, 2010.
[52] S.S. Hung and D.S.M. Liu. A user-oriented ontology-based approach for network intrusion detection. Computer Standards & Interfaces, 30(1-2): 78–88, 2008.
[53] K. Noto, C. Brodley, and D. Slonim. Anomaly Detection Using an Ensemble of Feature Models. In Proceedings of IEEE International Conference on Data Mining: 953–958, 2010.
[54] R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee. McPAD: A multiple classifier system for accurate payload-based anomaly detection. Computer Networks, 53(6): 864–881, 2009.
[55] W. Khreich, E. Granger, A. Miri, and R. Sabourin. Adaptive ROC-based ensembles of HMMs applied to anomaly detection. Pattern Recognition, 45(1): 208–230, 2012.
[56] D. Parikh and T. Chen. Data Fusion and Cost Minimization for Intrusion Detection. IEEE Transactions on Information Forensics and Security, 3(3): 381–389, 2008.
[57] R. Yan and C. Shao. Hierarchical Method for Anomaly Detection and Attack Identification in High-speed Network. Journal of Information Technology, 11(9): 1243–1250, 2012.
[58] W. Gong, W. Fu, and L. Cai. A Neural network based intrusion detection data fusion model. In Proceedings of International Joint Conference on Computational Science & Optimization: 410–414, 2010.
[59] D. Ariu, R. Tronci, and G. Giacinto. HMMPayl: An intrusion detection system based on Hidden Markov Models. Computers & Security, 30(4): 221–241, 2011.
[60] H.H. Nguyen, N. Harbi, and J. Darmont. An efficient local region and clustering-based ensemble system for intrusion detection. In Proceedings of Symposium on International Database Engineering & Applications: 185–191, 2011.
[61] A.K. Jain, M.N. Murty, and P.J. Flynn. Data clustering: A review. ACM Computing Survey, 31(3): 264-323, 1999.
[62] A.L. Fred and A.K. Jain. Combining multiple clusterings using evidence accumulation. IEEE Transaction on Pattern Analysis and Machine Intelligence, 27(6): 835-850, 2005.
[63] N. Nguyen and R. Caruana. Consensus clusterings. In Proceedings of IEEE International Conference on Data Mining: 607-612, 2007.
[64] B. Fischer and J. M. Buhmann. Bagging for path-based clustering. IEEE Transactions on Pattern Analysis and Machine Intelligence, 25(11): 1411-1415, 2003.
[65] A. Strehl and J. Ghosh. Cluster ensembles: A knowledge reuse framework for combining multiple partitions. Journal of Machine Learning Research, 3: 583-617, 2002.
[66] N. Iam-On and T. Boongoen. Comparative Study of Matrix Refinement Approaches for Ensemble Clustering. Machine Learning, 98(1-2): 269-300, 2015.
[67] T. Meehinkong, P. Praneetpolgrang and N. Chirawichitchai. An Adaptive Real-Time Intrusion Detection System Based on Cybersecurity Knowledge Architecture. NKRAFA Journal of Science and Technology, 10: 71-81, 2014.
[68] P. Sirinam. UAVs from a Cyber Security Perspective: Cyber Attack Vulnerabilities and
the Preparation of the RTAFA against Cyber Threats. NKRAFA Journal of Science and Technology, 10: 7-12, 2014.
[2] Mcafee: Estimating the Global Cost of Cybercrime 2014, www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf [Accessed on 1 June 2016].
[3] A. Sundaram. An introduction to intrusion detection. Crossroads, 2( 4): 3–7, 1996.
[4] J.P. Anderson. Computer Security Threat Monitoring and Surveillance. James P Anderson Co, Fort Washington, Pennsylvania, Tech. Rep., April 1980.
[5] V. Chandola, A. Banerjee, and V. Kumar. Anomaly Detection: A Survey. ACM Computing Surveys, 41(3): 15/1–15/58, 2009.
[6] N.K. Ampah, C.M. Akujuobi, M.N.O. Sadiku, and S. Alam. An intrusion detection technique based on continuous binary communication channels. International Journal of Security and Networks, 6(2-3): 174–180, 2011.
[7] F.Y. Edgeworth. On discordant observations. Philosophy Mag., 23(5):364–375, 1987.
[8] A. Patcha and J.M. Park. An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks, 51(12):3448–3470, 2007.
[9] P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez. Anomaly-based network intrusion detection: techniques, systems and challenges. Computers & Security, 28(1-2): 18–28, 2009.
[10] H.G. Kayacik, A.N. Zincir-Heywood, and M.I. Heywood. Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets. In Proceedings of Annual Conference on Privacy, Security and Trust, 2005.
[11] A.A. Ghorbani, W. Lu, and M. Tavallaee. Network Intrusion Detection and Prevention: Concepts and Techniques. Advances in Information Security. Springer-Verlag, 2009.
[12] R. Heady, G. Luger, A. Maccabe, and M. Servilla. The Architecture of a Network Level Intrusion Detection System. Computer Science Department, University of New Mexico, Tech. Rep. TR-90, 1990.
[13] Wikimedia: Intrusion detection system. http://en. wikipedia.org/wiki/Intrusion-detection-system [Accessed on 13 Aug 2016].
[14] M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita. Surveying Port Scans and Their Detection Methodologies. The Computer Journal, 54(10): 1565–1581, 2011.
[15] V. Kumar. Parallel and distributed computing for cyber security. IEEE Distributed Systems Online, 6(10), 2005.
[16] M.Thottan and C. Ji. Anomaly detection in IP networks. IEEE Trans. Signal Process, 51(8): 2191–2204, 2003.
[17] P.N. Tan, M. Steinbach, and V. Kumar. Introduction to Data Mining. Addison-Wesley, 2005.
[18] S.H. Cha. Comprehensive Survey on Distance/Similarity Measures between Probability Density Functions. International Journal of Mathematical Models and Methods in Applied Science, 1(4):300–307, 2007.
[19] M.V. Joshi, R.C. Agarwal, and V. Kumar. Mining needle in a haystack: classifying rare classes via two-phase rule induction. In Proceedings of ACM SIGKDD International Conference on Knowledge Discovery and Data Mining: 293–298, 2001.
[20] J. Theiler and D.M. Cai. Resampling approach for anomaly detection in multispectral images. In Proceedings of SPIE: 230–240, 2003.
[21] R. Fujimaki, T. Yairi, and K. Machida. An approach to spacecraft anomaly detection problem using kernel feature space. In Proceedings of ACM SIGKDD International Conference on Knowledge Discovery in Data Mining: 401–410, 2005.
[22] F.J. Anscombe and I. Guttman. Rejection of outliers. Technometrics, 2(2): 123–147, 1960.
[23] E. Eskin. Anomaly detection over noisy data using learned probability distributions. In Proceedings of International Conference on Machine Learning: 255–262, 2000.
[24] M. Desforges, P. Jacob, and J. Cooper. Applications of probability density estimation to the detection of abnormal conditions in engineering. In Proceedings of Institute of Mechanical Engineers, 687–703, 1998.
[25] C. Manikopoulos and S. Papavassiliou. Network Intrusion and Fault Detection: A Statistical Anomaly Approach. IEEE Communication Magazine, 40(10):76–82, 2002.
[26] P.K. Chan, M.V. Mahoney, and M.H. Arshad. A machine learning approach to anomaly detection. Department of Computer Science, Florida Institute of Technology, Tech. Rep. CS-2003-06, 2003.
[27] M.V. Mahoney and P.K. Chan. Learning rules for anomaly detection of hostile network traffic. In Proceedings of IEEE International Conference on Data Mining: 601-604, 2003.
[28] K. Wang and S.J. Stolfo. Anomalous Payload-Based Network Intrusion Detection. In Proceedings of Recent Advances in Intrusion Detection: 203–222, 2004.
[29] X. Song, M. Wu, C. Jermaine, and S. Ranka. Conditional Anomaly Detection. IEEE Transactions on Knowledge and Data Engineering, 19: 631–645, 2007.
[30] P. Chhabra, C. Scott, E.D. Kolaczyk, and M. Crovella. Distributed Spatial Anomaly Detection. In Proceedings of IEEE International Conference on Computer Communications: 1705–1713, 2008.
[31] W. Lu and A.A. Ghorbani. Network Anomaly Detection Based on Wavelet Analysis. EURASIP Journal of Advances in Signal Processing, 2009(837601), 2009.
[32] F.S. Wattenberg, J. I.A. Perez, P.C. Higuera, M.M. Fernandez, and I.A. Dimitriadis. Anomaly Detection in Network Traffic Based on Statistical Inference and α-Stable Modeling. IEEE Transactions on Dependable Secure Computing, 8(4): 494–509, 2011.
[33] M. Yu. A Nonparametric Adaptive CUSUM Method And Its Application In Network Anomaly Detection. Int. Journal of Advancements in Computing Technology, 4(1): 280–288, 2012.
[34] W. Lu and H. Tong. Detecting Network Anomalies Using CUSUM and EM Clustering. In Proceedings of International Symposium on Advances in Computation & Intelligence: 297–308, 2009.
[35] M.A. Qadeer, A. Iqbal, M. Zahid, and M.R. Siddiqui. Network Traffic Analysis and Intrusion Detection Using Packet Sniffer. In Proceedings of International Conference on Communication Software and Networks: 313–317, 2010.
[36] I. Kang, M.K. Jeong, and D. Kong. A differentiated one-class classification method with applications to intrusion detection. Expert Systems with Applications, 39(4): 3899–3905, 2012.
[37] C. Wagner, J. Francois, R. State, and T. Engel. Machine Learning Approach for IP-Flow Record Anomaly Detection. In Proceedings of International IFIP conference on Networking: 28–39, 2011.
[38] Z. Muda, W. Yassin, M.N. Sulaiman, and N.I. Udzir. A K-means and naive bayes learning approach for better intrusion detection. Information Technology Journal, 10(3): 648–655, 2011.
[39] M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita. RODD: An Effective Reference-Based Outlier Detection Technique for Large Datasets. Advanced Computing, 133: 76–84, 2011.
[40] C. Zhang, G. Zhang, and S. Sun. A Mixed Unsupervised Clustering-Based Intrusion Detection Model. In Proceedings of International Conference on Genetic and Evolutionary Computing: 426–428, 2009.
[41] P. Casas, J. Mazel, and P. Owezarski. Unsupervised network intrusion detection systems: detecting unknown without knowledge. Computer Communications, 35(7): 772–783, 2012.
[42] Z. Zhuang, Y. Li, and Z. Chen. Enhancing intrusion detection system with proximity information. International Journal of Security and Networks, 5(4): 207–219, 2010.
[43] M.H. Bhuyan, D.K. Bhattacharyya, and J.K. Kalita. NADO: network anomaly detection using outlier approach. In Proceedings of ACM International Conference on Communication, Computing and Security: 531–536, 2011.
[44] Z. Chen and C. Chen. A Closed-Form Expression for Static Worm- Scanning Strategies. In Proceedings of IEEE International Conference on Communications: 1573– 1577, 2008.
[45] F. Geramiraz, A.S. Memaripour, and M. Abbaspour. Adaptive Anomaly-Based Intrusion Detection System Using Fuzzy Controller. International Journal of Network Security, 14(6): 352–361, 2012.
[46] S. Mabu, C. Chen, N. Lu, K. Shimada, and K. Hirasawa. An Intrusion-Detection model based on fuzzy class-association-rule mining using genetic programming. IEEE Transactions on System, Man and Cybernetics, Part C, 41(1): 130–139, 2011.
[47] A.O. Adetunmbi, S.O. Falaki, O.S. Adewale, and B.K. Alese. Network Intrusion Detection based on Rough Set and k-Nearest Neighbour. International Journal of Computing and ICT Research, 2(1): 60–66, 2008.
[48] R.C. Chen, K.F. Cheng, Y.H. Chen, and C.F. Hsieh. Using Rough Set and Support Vector Machine for Network Intrusion Detection System. In Proceedings of Asian Conference on Intelligent Information and Database Systems: 465–470, 2009.
[49] A. Visconti and H. Tahayori. Artificial immune system based on interval type-2 fuzzy set paradigm. Applied Soft Computing, 11(6): 4055–4063, 2011.
[50] J.M. Estevez-Tapiador, P. Garcya-Teodoro, and J. E. Dyaz-Verdejo. Stochastic protocol modeling for anomaly based network intrusion detection. In Proceedings of International Workshop on Information Assurance: 3–12, 2003.
[51] A. Shabtai, U. Kanonov, and Y. Elovici. Intrusion detection for mobile devices using the knowledge-based, temporal abstraction
method. Journal of System Software, 83(8): 1524–1537, 2010.
[52] S.S. Hung and D.S.M. Liu. A user-oriented ontology-based approach for network intrusion detection. Computer Standards & Interfaces, 30(1-2): 78–88, 2008.
[53] K. Noto, C. Brodley, and D. Slonim. Anomaly Detection Using an Ensemble of Feature Models. In Proceedings of IEEE International Conference on Data Mining: 953–958, 2010.
[54] R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee. McPAD: A multiple classifier system for accurate payload-based anomaly detection. Computer Networks, 53(6): 864–881, 2009.
[55] W. Khreich, E. Granger, A. Miri, and R. Sabourin. Adaptive ROC-based ensembles of HMMs applied to anomaly detection. Pattern Recognition, 45(1): 208–230, 2012.
[56] D. Parikh and T. Chen. Data Fusion and Cost Minimization for Intrusion Detection. IEEE Transactions on Information Forensics and Security, 3(3): 381–389, 2008.
[57] R. Yan and C. Shao. Hierarchical Method for Anomaly Detection and Attack Identification in High-speed Network. Journal of Information Technology, 11(9): 1243–1250, 2012.
[58] W. Gong, W. Fu, and L. Cai. A Neural network based intrusion detection data fusion model. In Proceedings of International Joint Conference on Computational Science & Optimization: 410–414, 2010.
[59] D. Ariu, R. Tronci, and G. Giacinto. HMMPayl: An intrusion detection system based on Hidden Markov Models. Computers & Security, 30(4): 221–241, 2011.
[60] H.H. Nguyen, N. Harbi, and J. Darmont. An efficient local region and clustering-based ensemble system for intrusion detection. In Proceedings of Symposium on International Database Engineering & Applications: 185–191, 2011.
[61] A.K. Jain, M.N. Murty, and P.J. Flynn. Data clustering: A review. ACM Computing Survey, 31(3): 264-323, 1999.
[62] A.L. Fred and A.K. Jain. Combining multiple clusterings using evidence accumulation. IEEE Transaction on Pattern Analysis and Machine Intelligence, 27(6): 835-850, 2005.
[63] N. Nguyen and R. Caruana. Consensus clusterings. In Proceedings of IEEE International Conference on Data Mining: 607-612, 2007.
[64] B. Fischer and J. M. Buhmann. Bagging for path-based clustering. IEEE Transactions on Pattern Analysis and Machine Intelligence, 25(11): 1411-1415, 2003.
[65] A. Strehl and J. Ghosh. Cluster ensembles: A knowledge reuse framework for combining multiple partitions. Journal of Machine Learning Research, 3: 583-617, 2002.
[66] N. Iam-On and T. Boongoen. Comparative Study of Matrix Refinement Approaches for Ensemble Clustering. Machine Learning, 98(1-2): 269-300, 2015.
[67] T. Meehinkong, P. Praneetpolgrang and N. Chirawichitchai. An Adaptive Real-Time Intrusion Detection System Based on Cybersecurity Knowledge Architecture. NKRAFA Journal of Science and Technology, 10: 71-81, 2014.
[68] P. Sirinam. UAVs from a Cyber Security Perspective: Cyber Attack Vulnerabilities and
the Preparation of the RTAFA against Cyber Threats. NKRAFA Journal of Science and Technology, 10: 7-12, 2014.
