A Lattice Based Nearest Neighbor Classifier for Anomaly Intrusion Detection
Authors
Abstract
As networking and communication technology becomes more widespread, the quantity and impact of system attackers have increased rapidly. Intrusion detection (IDS) methodology is generally classified into two broad categories according to the detection approach: misuse detection and anomaly detection. In the misuse detection approach, abnormal system behavior is defined first, and then any other behavior is defined as normal behavior. The main goal of the anomaly detection approach is to construct a model representing normal activities. Any deviation from this model can then be considered an anomaly and recognized as an attack. Recently, much more attention has been paid to the application of lattice theory in different fields. In this work we propose a lattice-based nearest neighbor classifier capable of distinguishing between bad connections, called attacks, and good normal connections. A new nonlinear valuation function is introduced to tune the performance of the proposed model. The performance of the algorithm was evaluated using the KDD Cup 99 data set, the benchmark data set used by intrusion detection systems researchers. Simulation results confirm the effectiveness of the proposed method.
Similar resources
A Lattice based Nearest Neighbor Classifier for Anomaly Intrusion Detection
As networking and communication technology becomes more widespread, the quantity and impact of system attackers have increased rapidly. Intrusion detection (IDS) methodology is generally classified into two broad categories according to the detection approach: misuse detection and anomaly detection. In the misuse detection approach, abnormal system behavior is defined at first, and the...
Use of K-Nearest Neighbor classifier for intrusion detection
A new approach, based on the k-Nearest Neighbor (kNN) classifier, is used to classify program behavior as normal or intrusive. Program behavior, in turn, is represented by frequencies of system calls. Each system call is treated as a word and the collection of system calls over each program execution as a document. These documents are then classified using kNN classifier, a popular method in te...
Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
Center-based nearest neighbor classifier
In this paper, a novel center-based nearest neighbor (CNN) classifier is proposed to deal with the pattern classification problems. Unlike nearest feature line (NFL) method, CNN considers the line passing through a sample point with known label and the center of the sample class. This line is called the center-based line (CL). These lines seem to have more capacity of representation for sample ...
Nearest-Neighbor and Clustering based Anomaly Detection Algorithms for RapidMiner
Unsupervised anomaly detection is the process of finding outlying records in a given dataset without prior need for training. In this paper we introduce an anomaly detection extension for RapidMiner in order to assist non-experts with applying eight different nearest-neighbor and clustering based algorithms on their data. A focus on efficient implementation and smart parallelization guarantees ...
Anomaly Detection with Score functions based on Nearest Neighbor Graphs
We propose a novel non-parametric adaptive anomaly detection algorithm for high dimensional data based on score functions derived from nearest neighbor graphs on n-point nominal data. Anomalies are declared whenever the score of a test sample falls below α, which is supposed to be the desired false alarm level. The resulting anomaly detector is shown to be asymptotically optimal in that it is u...
Journal title:
Journal of Advances in Computer Research
Publisher: Sari Branch, Islamic Azad University
ISSN 2345-606X
Volume 4
Issue 4, 2013