This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
1. Introduction
With the widespread advancement of the Internet and online platforms, network security requirements have become unavoidable [1, 2]. Computer networks face various security threats today, such as software bugs and intrusions. These bugs appear because of the large functionality and large size of the software or the operating system. Intruders who are not authorized to access the data may steal useful private information without the consent of the network users. Firewalls are placed between two or more computers to isolate networks according to defined rules or policies, but firewalls alone are not enough to protect against such attacks. This is where intrusion detection systems play a vital role: they help stop cyber attacks and analyze the security problems at the time of an intrusion so that such situations can be tackled in the future [3–5]. Intrusion detection systems collect computer network information to track possible attacks or unethical misuse [6, 7]. Several types of network data fall under the protection of intrusion detection, such as network traffic data, system status files, and system-level test data [8–10]. Various applications of network intrusion detection systems are depicted in Figure 1.
[figure omitted; refer to PDF]
The network traffic processing application converts traffic into various network parameter patterns that are helpful in management. The prevention system is responsible for detecting threats, and threat classification uses signature matching, which matches the input against already known patterns. The other applications include threat reporting and anomaly detection that detects the traffic signatures [11, 12].
With the rapid development and application of computer network technology and the increasing number of computer network users, ensuring the security of information on the network has become a key technology of computer networks [13–15]. Various security mechanisms have been developed to protect computer networks, such as user authorization and authentication, access control, data encryption, and data backup, but these mechanisms can no longer meet current network security needs [16]. Network intrusions and attacks are still not uncommon. Therefore, intrusion detection is one of the key technologies that emerged in information and network security assurance. Introducing intrusion detection technology is equivalent to introducing a closed-loop security strategy [17, 18] into the computer system.
This article addresses intrusion detection by converting it into a problem of mining outliers using the network behavior dataset. A preventive technique for intrusion protection of computer network security is proposed to detect the outliers using the semisupervised clustering algorithms based on shared nearest neighbors. The nearest neighbor similarity criteria are used in this work to judge the outlier according to the number of nearest neighbors of a data point, and on this basis, semisupervised clustering is performed for deleting the outliers. The novelty of the proposed algorithm lies in outlier detection while effectively avoiding the dependence on parameters, thus eliminating the influence of outliers on clustering. This work used the real dataset for simulation and compared it with the other anomaly detection technologies. It was revealed that the anomaly detection technology based on outlier mining does not require a training process. This overcomes the current anomaly detection problems caused due to incomplete normal patterns in training samples. Furthermore, the proposed algorithm effectively detects outliers and provides good clustering outcomes based on the similarity.
The rest of this article is arranged as follows: Section 2 presents the state-of-the-art literature review followed by the research methods depicted in Section 3. Section 4 provides the results and discussion part of the experimental analysis done for the two datasets, followed by the concluding remarks in Section 5.
2. Literature Review
Domestic research on intrusion detection technology and methods started relatively late, but with the in-depth exploration of universities, scientific research institutes, and enterprises, the development is very rapid, and many new detection theories and results have been produced. The current research on intrusion detection technology mainly covers neural networks, data mining, support vector machines, artificial immunity, etc., involving smart grids, industrial infrastructure, industrial networks, and other related fields [19–22].
Sun et al. proposed an improved method of cascading transmission edges. A character interval can be used to represent several consecutive characters, which effectively reduces the number of transmission edges. In addition, the methods before and after the improvement were compared through experiments. The results show that the number of transmission edges can be reduced to 10% of that before the improvement, thereby increasing the efficiency of deep packet inspection [23].
Haojie et al. analyzed the potential security threats of 5G in-vehicle networks and focused on intrusion detection methods for in-vehicle networks. Four experimental scenarios were selected from potential attacks on the vehicle network, and real car data were collected to compile various attack databases for the first time. In order to find the appropriate method to identify different attacks, four lightweight intrusion detection methods are proposed to identify the abnormal behavior of the vehicle network. In addition, the research carried out a comparison of the detection performance between the four detection methods with the consideration of comprehensive evaluation indicators. The evaluation results provide the best lightweight detection solution for the vehicle network. This article helps to understand the advantages of test methods in the detection performance of in-vehicle networks. Furthermore, it promotes the application of detection technologies to safety issues in the automotive industry [24].
Zhang et al. took intrusion detection system (IDS) as the research object, established an IDS model based on data mining, obtained experimental results, and drew relevant experimental conclusions. At the same time, it was compared with traditional IDS, and six experiments were carried out. As a result, the detection rate, false-negative rate, and false-positive rate of two different methods in six experiments were obtained. The experiment concludes that the intrusion detection system using data mining has better network protection and security performance, and the detection ability of network vulnerability intrusion is stronger. Thus, this research provides a new way to detect and research network protection security loopholes [25].
Kumar et al. proposed a model in which a set of training examples obtained by using a network analyzer (i.e., Wireshark) can be used to construct an HMM. Since it is not an intrusion detection system, the obtained file trace can be used as a training example to test the HMM model. It also predicts the probability value of each test sequence and indicates whether the sequence is abnormal. This article also shows a numerical example; the example calculates the best observation sequence for the HMM and state sequence probability [26].
The innovation of this paper is that the problem of intrusion detection can be converted into the problem of mining outliers in the network behavior dataset. Compared with other anomaly detection technologies, the anomaly detection technology based on outlier mining does not require a training process, which overcomes the high false alarm rate that current anomaly detection suffers because of incomplete normal patterns in training samples. This paper describes the outlier mining algorithm based on the similarity.
3. Research Methods
3.1. Classification of Intrusion Detection
Through the research of existing intrusion detection technology methods, intrusion detection technology can be classified from different angles:
(1) According to the source of detection data, there are three categories: host-based intrusion detection technology, network-based intrusion detection technology, and combined host- and network-based intrusion detection technology. All three have their own advantages and disadvantages and can complement each other. However, a complete intrusion detection system must be distributed based on both the host and the network.
(2) According to the detection technology, it is divided into anomaly detection technology and misuse detection technology. Anomaly detection technology can also be called behavior-based intrusion detection technology, which assumes that all intrusions have abnormal characteristics. Misuse detection technology, also known as knowledge-based intrusion detection technology, expresses intrusion behavior as attack patterns and attack signatures.
(3) According to the working method, it can be divided into offline detection and online detection. Offline detection is a non-real-time system that analyzes audit events after the event and checks for intrusions. Online detection is a real-time system, which includes real-time network data packet analysis and real-time host audit analysis.
(4) According to the system network architecture, it is divided into centralized detection technology, distributed detection technology, and layered detection technology. In layered detection, the analysis result is transmitted to the adjacent upper layer, and the detection system of the higher layer only analyzes the analysis result of the layer below it. In addition, the hierarchical detection system makes the system more scalable by analyzing the hierarchical data [27–30].
3.2. Intrusion Detection System and Working Principle
An intrusion detection system is a system used to detect various intrusion behaviors. It is an important part of the network security system. By monitoring the operation status of the network and computer system, it finds various attack attempts, attack behaviors, or attack results, and then promptly issues an alarm or makes a corresponding response to ensure the confidentiality, integrity, and availability of system resources. Intrusion detection systems have been widely used and researched as an important means to resist network intrusion attacks [31, 32]. The basic intrusion detection system for computer network security is depicted in Figure 2.
[figure omitted; refer to PDF]
The intrusion detection system is a typical “snooping device.” It does not bridge multiple physical network segments (usually it has only one listening port). It does not need to forward any traffic; it only needs to passively and silently collect the messages it cares about on the network. Based on the collected messages, the intrusion detection system extracts the corresponding traffic statistical characteristic values. It uses the built-in intrusion knowledge base to perform intelligent analysis and comparison with these traffic characteristics [33, 34]. Message traffic whose degree of match exceeds the preset threshold is considered an attack. The intrusion detection system then raises an alarm or carries out a limited counterattack according to the corresponding configuration. The principle of intrusion detection is shown in Figure 3.
[figure omitted; refer to PDF]
The workflow of an intrusion detection system is roughly divided into the following steps:
(1) Information collection. The first step of intrusion detection is information collection, which includes the content of network traffic and the status and behavior of user connection activities.
(2) Signal analysis. The information collected above is generally analyzed by three technical means: pattern matching, statistical analysis, and integrity analysis. The first two methods are used for real-time intrusion detection, while integrity analysis is used for postmortem analysis.
(3) Real-time recording, alarm, or limited counterattack. The fundamental task of IDS is to make appropriate responses to intrusions. These responses include detailed log records, real-time alarms, and limited counterattacks against the source. The only technical methods to identify intrusions are those based on user characteristics, intruder characteristics, and activity. The structure of the intrusion detection system is shown in Figure 4.
[figure omitted; refer to PDF]
From the perspective of time consumption, the main cost is the comparison of distances. Although the anomaly detection technology based on outlier mining consumes more time and space than the cluster-based anomaly detection technology, it also improves the algorithm’s performance and the detection rate of intrusion attacks.
4. Results and Discussion
The experimental datasets in this article are all from UCI real datasets, and the experimental results are the average of data obtained from multiple experiments. The performance judgment of outlier detection is mainly based on analyzing the proportion of correct outliers detected in all outliers, and the evaluation function of semisupervised clustering algorithm is used.
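The following added example (not the paper's SCA-SNN implementation) illustrates the two ideas above on constructed flow records: flagging a point as an outlier when it has too few mutual shared-nearest-neighbor links, and scoring the result as the proportion of true outliers detected. The feature choice, the min-max scaling, and the parameters `k`, `min_shared` and `min_links` are assumptions of this example.

```python
import math

# Constructed sample, one row per source host:
# (duration_s, kilobytes_sent, distinct_dst_ports)
FLOWS = [
    # interactive sessions (indices 0-5)
    (1.2, 24, 1), (1.8, 31, 2), (2.4, 40, 1),
    (2.9, 52, 2), (1.5, 28, 1), (2.1, 45, 2),
    # scheduled bulk transfers (indices 6-11)
    (50, 4000, 1), (52, 4150, 1), (55, 4300, 1),
    (57, 4400, 1), (60, 4600, 1), (53, 4250, 1),
    # constructed anomalies (indices 12-14): two similar many-port hosts
    # and one very large, very long transfer
    (2.0, 5, 180), (2.2, 6, 175), (300, 20000, 1),
]
TRUE_OUTLIERS = {12, 13, 14}  # ground truth for the constructed sample


def min_max_scale(rows):
    """Scale every feature to [0, 1] so no single unit dominates the distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]  # constant column -> 0.0
    return [tuple((v - l) / s for v, l, s in zip(r, lo, span)) for r in rows]


def knn_sets(points, k):
    """For each point, the set of indices of its k nearest neighbors (Euclidean)."""
    sets = []
    for i, p in enumerate(points):
        ranked = sorted((math.dist(p, q), j)
                        for j, q in enumerate(points) if j != i)
        sets.append({j for _, j in ranked[:k]})
    return sets


def snn_link_counts(points, k, min_shared):
    """Count, per point, its mutual neighbors sharing >= min_shared neighbors.

    Similarity between i and j is the size of the overlap of their k-NN sets,
    and it only counts when i and j appear in each other's k-NN set.
    """
    nn = knn_sets(points, k)
    counts = []
    for i in range(len(points)):
        links = 0
        for j in nn[i]:
            if i in nn[j] and len(nn[i] & nn[j]) >= min_shared:
                links += 1
        counts.append(links)
    return counts


def find_outliers(rows, k=5, min_shared=3, min_links=2):
    """Indices of rows with fewer than min_links strong shared-neighbor links."""
    counts = snn_link_counts(min_max_scale(rows), k, min_shared)
    return [i for i, c in enumerate(counts) if c < min_links]


def detection_rate(flagged, true_outliers):
    """Proportion of the true outliers that were flagged."""
    return len(set(flagged) & set(true_outliers)) / len(true_outliers)


def denoise(rows, flagged):
    """Dataset with the flagged rows deleted, ready for the clustering step."""
    drop = set(flagged)
    return [r for i, r in enumerate(rows) if i not in drop]


if __name__ == "__main__":
    flagged = find_outliers(FLOWS)
    print("flagged indices:", flagged)
    print("detection rate:", detection_rate(flagged, TRUE_OUTLIERS))
    print("rows kept for clustering:", len(denoise(FLOWS, flagged)))
```

The two similar many-port hosts are each other's neighbors, yet both are still flagged because a single mutual link falls below `min_links`.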
The known number of paired constraints is the initial set of constraints randomly generated by the system. The known constraints are subtracted from the evaluation index because, in the semisupervised clustering algorithm, the known supervision information cannot reflect the effect of the clustering algorithm. The experiment uses the lymphography dataset and the glass dataset for comparison experiments. The object distribution of the datasets is shown in Tables 1 and 2.
Table 1
Data object distribution of the lymphography dataset.
Classification | Categories | Percentage |
General category | Categories 2 and 3 | 95.9% |
Outlier class | Categories 1 and 4 | 4.1% |
Table 2
Data object distribution of the glass dataset.
Classification | Categories | Percentage |
General category | Categories 1, 2, 3, and 7 | 89.8% |
Outlier class | Categories 5 and 6 | 10.2% |
The experimental results of outlier detection are shown in the table. The first column in the table is the
The experimental results of the lymphography dataset are shown in Table 3. Since the number of real categories in the dataset is 4, the experiment starts training from
Table 3
Outlier detection results on the lymphography dataset.
(unlabeled) | Direct isolation | Derivative outliers | Correct isolation points | Accuracy |
8 | 3 | 12 | 4 | 66.7% (4/6) |
12 | 5 | 10 | 4 | 66.7% (4/6) |
16 | 8 | 15 | 6 | 66.7% (4/6) |
From this perspective, it is clear that the detection rate has increased by 7%. When
Table 4
Outlier detection results on the glass dataset.
(unlabeled) | Direct isolation | Derivative outliers | Correct isolation points | Accuracy |
8 | 10 | 24 | 16 | 66.7% (16/22) |
10 | 12 | 28 | 18 | 73.7% (18/22) |
16 | 16 | 33 | 22 | 100% (22/22) |
Two semisupervised clustering algorithms, C-Kmeans and Sine Cosine Algorithm-based sharing nearest neighbor (SCA-SNN), are evaluated in this study for outlier detection on both the lymphography and glass datasets. Furthermore, the semisupervised clustering is performed on the “denoising” dataset after detecting the outliers. The experimental results obtained from these methods are also compared with other state-of-the-art methods like hierarchical clustering (HC) and principal component analysis (PCA) to determine the effectiveness of semisupervised clustering. The experimental results are shown in Figures 6–9.
[figure omitted; refer to PDF]
Figure 6 presents the experimental outcomes of the four algorithms on the lymphography dataset before the outliers are found and without the denoising step. The experimental dataset used in Figure 7 is the “denoising” lymphography dataset, which contains only the second and third categories of the original lymphography dataset. In the comparison on this dataset (Figure 7), as the number of paired constraints increases, the effect of the SCA-SNN algorithm increases steadily compared with the other algorithms. After removing the outliers, the C-Kmeans algorithm also provides relatively stable performance, with no significant fluctuation in the clustering results. Overall, however, the SCA-SNN algorithm performs better than the C-Kmeans, PCA, and HC algorithms.
None of the algorithms achieves notable results on the original lymphography dataset. Although the experimental results improve as the number of paired constraints increases, when the number of constraints reaches 1000 the correct judgment rate of the C-Kmeans algorithm is only 0.48 and that of the SCA-SNN algorithm only reaches 0.58, which indicates that the data is concentrated. Furthermore, the outlier data had a great impact on the clustering results and weakened the guiding role of the paired constraints, so that the clustering algorithms as a whole did not achieve good results.
Figures 8 and 9 show the experimental results on the glass dataset. Figure 8 shows that the C-Kmeans algorithm is unstable because of the “noise” data. From the overall perspective of the clustering results, the clustering performance of the SCA-SNN algorithm is always better than that of the C-Kmeans, PCA, and HC algorithms.
Regardless of whether there are outliers in the dataset, the clustering effect of the SCA-SNN algorithm is better than that of the C-Kmeans algorithm and the other state-of-the-art algorithms. On the dataset after removing the outliers in particular, the SCA-SNN algorithm has better experimental results.
From the above four experimental results, the outlier detection-based SCA-SNN algorithm has the best experimental effect on the dataset without outliers, which shows that the detection of outliers is a crucial process and fully validates the clustering performance of the outlier detection-based SCA-SNN algorithm. In many practical applications, the dataset often contains some outliers. These outliers may contain potentially valuable information. Therefore, mining outliers can effectively improve the performance of clustering and get the correct classification. It can also help people obtain more valuable information.
5. Conclusion
This paper proposes an outlier detection and semisupervised clustering algorithm based on nearest neighbor similarity. The algorithm uses the C-Kmeans algorithm to train the dataset, which yields a reasonable and accurate shared nearest neighbor set, and quickly and accurately detects global outliers based on the obtained results; it also has a significant effect on local outliers. The algorithm effectively avoids the insufficient preprocessing of noise points and the influence of inaccurate input parameters on the results. It also overcomes the heavy computation of algorithms such as the Jarvis-Patrick algorithm. In the process of semisupervised clustering, the acquired paired prior knowledge is expanded to maximize the guiding effect of prior knowledge. The algorithm detects outliers, effectively avoids the dependence on parameters, and eliminates the influence of outliers on clustering. The algorithm combines and expands prior knowledge, giving the clustering process “rules to follow.” Experiments on real datasets show that the outlier detection algorithm combined with semisupervised clustering produces the best clustering results. Furthermore, the experimentation reveals that the outlier detection-based SCA-SNN algorithm has the best experimental effect on the dataset without outliers. This shows that the detection of outliers is crucial and fully validates the clustering performance of the outlier detection-based SCA-SNN algorithm.
With network security issues becoming increasingly prominent, research on intrusion detection technology has attracted more and more attention. An intrusion detection algorithm based on outlier data mining is given, building on the in-depth study of data mining intrusion detection technology. Outlier mining technology can complete anomaly detection work. When the abnormal data is much smaller than the normal data, the detection result is better than that of anomaly detection technology based on clustering. In general, the statistical distribution of abnormal and normal behavior in network data meets the conditions of use of outlier mining. Network security has always been a concern. However, with the further development of the network and the diversification of hacker attacks, there are still many research and challenging issues to be solved urgently.
Acknowledgments
The authors would like to acknowledge the support of Taif University Researchers Supporting Project number (TURSP-2020/239), Taif University, Taif, Saudi Arabia.
[1] M. Masud, G. S. Gaba, S. Alqahtani, G. Muhammad, B. B. Gupta, P. Kumar, A. Ghoneim, "A lightweight and robust secure key establishment protocol for Internet of medical things in COVID-19 patients care," IEEE Internet of Things Journal, DOI: 10.1109/JIOT.2020.3047662, 2021.
[2] M. Masud, M. Alazab, K. Choudhary, G. S. Gaba, "3P-SAKE: privacy-preserving and physically secured authenticated key establishment protocol for wireless industrial networks," Computer Communications, vol. 175, pp. 82-90, DOI: 10.1016/j.comcom.2021.04.021, 2021.
[3] R. G. Bace, Intrusion detection, 2000.
[4] K. Scarfone, P. Mell, Guide to intrusion detection and prevention systems (idps), vol. 800 no. 2007, 2007.
[5] G. Rathee, A. Sharma, R. Kumar, F. Ahmad, R. Iqbal, "A trust management scheme to secure mobile information centric networks," Computer Communications, vol. 151, pp. 66-75, DOI: 10.1016/j.comcom.2019.12.024, 2020.
[6] M. Poongodi, A. Sharma, V. Vijayakumar, V. Bhardwaj, A. P. Sharma, R. Iqbal, R. Kumar, "Prediction of the price of Ethereum blockchain cryptocurrency in an industrial finance system," Computers & Electrical Engineering, vol. 81, article 106527, DOI: 10.1016/j.compeleceng.2019.106527, 2020.
[7] B. Dayıoğlu, Use of Passive Network Mapping to Enhance Network Intrusion Detection, [M.S. thesis], 2001.
[8] T. Lappas, K. Pelechrinis, Data Mining Techniques for (Network) Intrusion Detection Systems, vol. 92521, 2007.
[9] G. Dhiman, K. K. Singh, M. Soni, A. Nagar, M. Dehghani, A. Slowik, A. Kaur, A. Sharma, E. H. Houssein, K. Cengiz, "MOSOA: a new multi-objective seagull optimization algorithm," Expert Systems with Applications, vol. 167, article 114150, DOI: 10.1016/j.eswa.2020.114150, 2021.
[10] G. Rathee, A. Sharma, H. Saini, R. Kumar, R. Iqbal, "A hybrid framework for multimedia data processing in IoT-healthcare using blockchain technology," Multimedia Tools and Applications, vol. 79 no. 15-16, article 7835, pp. 9711-9733, DOI: 10.1007/s11042-019-07835-3, 2020.
[11] M. A. Aydın, A. H. Zaim, K. G. Ceylan, "A hybrid intrusion detection system design for computer network security," Computers & Electrical Engineering, vol. 35 no. 3, pp. 517-526, DOI: 10.1016/j.compeleceng.2008.12.005, 2009.
[12] V. Singh, S. Puthran, "Intrusion detection system using data mining a review," 2016 International Conference on Global Trends in Signal Processing, Information Computing and Communication (ICGTSPICC), pp. 587-592, DOI: 10.1109/ICGTSPICC.2016.7955369.
[13] D. Rathore, A. Jain, "Design hybrid method for intrusion detection using ensemble cluster classification and som network," International Journal of Advanced Computer Research, vol. 2 no. 3, pp. 181-186, 2019.
[14] M. Masud, G. S. Gaba, K. Choudhary, R. Alroobaea, M. S. Hossain, "A robust and lightweight secure access scheme for cloud based E-healthcare services," Peer-to-Peer Networking and Applications, DOI: 10.1007/s12083-021-01162-x, 2021.
[15] M. Masud, G. S. Gaba, K. Choudhary, M. S. Hossain, M. F. Alhamid, G. Muhammad, "Lightweight and anonymity-preserving user authentication scheme for IoT-based healthcare," IEEE Internet of Things Journal, 2021.
[16] W. Meng, E. Tischhauser, Q. Wang, Y. Wang, J. Han, "When intrusion detection meets blockchain technology: a review," IEEE Access, vol. 6 no. 1, pp. 10179-10188, DOI: 10.1109/ACCESS.2018.2799854, 2018.
[17] F. Farahnakian, J. Heikkonen, "Anomaly-based intrusion detection using deep neural networks," International Journal of Digital Content Technology and its Applications, vol. 12, pp. 70-118, 2018.
[18] T. Qian, Y. Wang, M. Zhang, J. Liu, "Intrusion detection method based on deep neural network," Huazhong Keji Daxue Xuebao, vol. 46 no. 1, 2018.
[19] R. Priyadharshini, E. J. Leavline, "Cuckoo optimisation based intrusion detection system for cloud computing," International Journal of Computer Network and Information Security, vol. 10 no. 11, pp. 42-49, 2018.
[20] A. U. Makarfi, K. M. Rabie, O. Kaiwartya, X. Li, R. Kharel, "Physical layer security in vehicular networks with reconfigurable intelligent surfaces," 2020 IEEE 91st Vehicular Technology Conference (VTC2020-Spring).
[21] A. Jayaswal, R. Nahar, "Detecting network intrusion through a deep learning approach," International Journal of Computer Applications, vol. 180 no. 14, pp. 15-19, DOI: 10.5120/ijca2018916270, 2018.
[22] S. Kumar, K. Singh, S. Kumar, O. Kaiwartya, Y. Cao, H. Zhou, "Delimitated anti jammer scheme for Internet of vehicle: machine learning based security approach," IEEE Access, vol. 7, pp. 113311-113323, DOI: 10.1109/ACCESS.2019.2934632, 2019.
[23] R. Sun, L. Shi, C. Yin, J. Wang, "An improved method in deep packet inspection based on regular expression," Journal of Supercomputing, vol. 75 no. 6, pp. 3317-3333, DOI: 10.1007/s11227-018-2517-0, 2019.
[24] H. Ji, Y. Wang, H. Qin, Y. Wang, H. Li, "Comparative performance evaluation of intrusion detection methods for in-vehicle networks," IEEE Access, vol. 6, pp. 37523-37532, DOI: 10.1109/ACCESS.2018.2848106, 2018.
[25] J. Zhang, "Detection of network protection security vulnerability intrusion based on data mining," International Journal of Network Security, vol. 21 no. 6, pp. 979-984, 2019.
[26] P. Narwal, D. Kumar, S. N. Singh, "A hidden markov model combined with markov games for intrusion detection in cloud," Journal of Cases on Information Technology, vol. 21 no. 4, pp. 14-26, DOI: 10.4018/JCIT.2019100102, 2019.
[27] H. Yao, Q. Wang, L. Wang, P. Zhang, M. Li, Y. Liu, "An intrusion detection framework based on hybrid multi-level data mining," International Journal of Parallel Programming, vol. 47 no. 4, pp. 740-758, DOI: 10.1007/s10766-017-0537-7, 2019.
[28] A. Yang, Y. Zhuansun, C. Liu, J. Li, C. Zhang, "Design of intrusion detection system for internet of things based on improved bp neural network," IEEE Access, vol. 7, pp. 106043-106052, DOI: 10.1109/ACCESS.2019.2929919, 2019.
[29] S. Pundir, M. Wazid, D. P. Singh, A. K. Das, J. J. P. C. Rodrigues, Y. Park, "Intrusion detection protocols in wireless sensor networks integrated to Internet of things deployment: survey and future challenges," IEEE Access, vol. 8, pp. 3343-3363, DOI: 10.1109/ACCESS.2019.2962829, 2020.
[30] S. Naseer, Y. Saleem, S. Khalid, M. K. Bashir, J. Han, M. M. Iqbal, K. Han, "Enhanced network anomaly detection based on deep neural networks," IEEE access, vol. 6, pp. 48231-48246, DOI: 10.1109/ACCESS.2018.2863036, 2018.
[31] X. Li, M. Xu, P. Vijayakumar, N. Kumar, X. Liu, "Detection of low-frequency and multi-stage attacks in industrial Internet of things," IEEE Transactions on Vehicular Technology, vol. 69 no. 8, pp. 8820-8831, DOI: 10.1109/TVT.2020.2995133, 2020.
[32] Y. Xun, J. Liu, Y. Zhang, "Side-channel analysis for intelligent and connected vehicle security: a new perspective," IEEE Network, vol. 34 no. 2, pp. 150-157, DOI: 10.1109/MNET.001.1900214, 2020.
[33] A. Gupta, R. K. Jha, P. Gandotra, S. Jain, "Bandwidth spoofing and intrusion detection system for multistage 5g wireless communication network," IEEE Transactions on Vehicular Technology, vol. 67 no. 1, pp. 618-632, DOI: 10.1109/TVT.2017.2745110, 2018.
[34] H. Yang, F. Wang, "Wireless network intrusion detection based on improved convolutional neural network," IEEE Access, vol. 7, pp. 64366-64374, DOI: 10.1109/ACCESS.2019.2917299, 2019.
[35] M. Poongodi, A. Sharma, M. Hamdi, M. Maode, N. Chilamkurti, "Smart healthcare in smart cities: wireless patient monitoring system using IoT," The Journal of Supercomputing, vol. no. article 3765, DOI: 10.1007/s11227-021-03765-w, 2021.
[36] X. Xu, L. Li, A. Sharma, "Controlling messy errors in virtual reconstruction of random sports image capture points for complex systems," International Journal of System Assurance Engineering and Management, DOI: 10.1007/s13198-021-01094-y, 2021.
[37] G. K. Sodhi, S. Kaur, G. S. Gaba, L. Kansal, A. Sharma, G. Dhiman, "COVID-19: role of robotics, artificial intelligence, and machine learning during pandemic," Current Medical Imaging, vol. 17, DOI: 10.2174/1573405617666210224115722, 2021.
[38] Y. Liu, Q. Sun, A. Sharma, A. Sharma, G. Dhiman, "Line monitoring and identification based on roadmap towards edge computing," Wireless Personal Communications, vol. no. article 8272, DOI: 10.1007/s11277-021-08272-y, 2021.
[39] M. Fan, A. Sharma, "Design and implementation of construction cost prediction model based on SVM and LSSVM in industries 4.0," International Journal of Intelligent Computing and Cybernetics, vol. 14 no. 2, pp. 145-157, DOI: 10.1108/ijicc-10-2020-0142, 2021.
[40] H. Sun, M. Fan, A. Sharma, "Design and implementation of construction prediction and management platform based on building information modelling and three-dimensional simulation technology in industry 4.0," IET Collaborative Intelligent Manufacturing, DOI: 10.1049/cim2.12019, 2021.
[41] X. Ren, C. Li, X. Ma, F. Chen, H. Wang, A. Sharma, G. S. Gaba, M. Masud, "Design of multi-information fusion based intelligent electrical fire detection system for green buildings," Sustainability, vol. 13 no. 6, DOI: 10.3390/su13063405, 2021.
[42] A. Sharma, R. Kumar, "A framework for pre-computated multi-constrained quickest QoS path algorithm," Journal of Telecommunication, Electronic and Computer Engineering (JTEC), vol. 9 no. 3-6, pp. 73-77, 2017.
[43] M. Poongodi, M. Hamdi, A. Sharma, M. Ma, P. K. Singh, "DDoS detection mechanism using trust-based evaluation system in VANET," IEEE Access, vol. 7, pp. 183532-183544, DOI: 10.1109/ACCESS.2019.2960367, 2019.
[44] D. Kumar, A. Sharma, R. Kumar, N. Sharma, "A holistic survey on disaster and disruption in optical communication network," Recent Advances in Electrical & Electronic Engineering (Formerly Recent Patents on Electrical & Electronic Engineering), vol. 13 no. 2, pp. 130-135, DOI: 10.2174/2352096512666190215141938, 2020.
Copyright © 2021 Yajing Wang et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0/
Abstract
Intrusion detection is crucial to computer network security; this work therefore aims to maximize and improve network security protection by proposing various preventive techniques. Outlier detection and semisupervised clustering algorithms based on shared nearest neighbors are proposed to address intrusion detection by converting it into a problem of mining outliers from the network behavior dataset. The algorithm uses shared nearest neighbors as the similarity measure, judges whether a data point is an outlier according to its number of nearest neighbors, and performs semisupervised clustering on the dataset from which the outliers have been deleted. In the process of semisupervised clustering, vast prior knowledge is added, and the dataset is clustered according to the principle of graph segmentation. The novelty of the proposed algorithm lies in detecting outliers while effectively avoiding dependence on parameters, thus eliminating the influence of outliers on clustering. This article uses the real datasets lymphography and glass for simulation purposes. The simulation results show that the proposed algorithm can effectively detect outliers and has a good clustering effect. Furthermore, the experimentation reveals that the outlier detection-based SCA-SNN algorithm has the best practical effect on the dataset without outliers, clearly validating its clustering performance. Compared with other state-of-the-art anomaly detection methods, anomaly detection based on outlier mining does not require a training process and thus overcomes the anomaly detection problems caused by incomplete normal patterns in training samples.
Details
1 Internet of Things Technology Department, Shanxi Vocational & Technical College of Finance & Trade, Taiyuan, 030031 Shanxi, China
2 Institute of Computer Technology and Information Security, Southern Federal University, Russia
3 Department of CSE, ABES Engineering College, Ghaziabad, Uttar Pradesh, India
4 School of Electronics and Electrical Engineering, Lovely Professional University, Phagwara, Punjab 144411, India
5 Department of Computer Science, College of Computers and Information Technology, Taif University, P. O. Box 11099, Taif 21944, Saudi Arabia
6 Department of Computer Engineering, College of Computer and Information Technology, Taif University, P. O. Box 11099, Taif 21994, Saudi Arabia