a lattice based nearest neighbor classifier for anomaly intrusion detection

as networking and communication technology becomes more widespread, thequantity and impact of system attackers have been increased rapidly. themethodology of intrusion detection (ids) is generally classified into two broadcategories according to the detection approaches: misuse detection and anomalydetection. in misuse detection approach, abnormal system behavior is defined atfirst, and then any other behavior is defined as normal behavior. the main goal ofthe anomaly detection approach is to construct a model representing normalactivities. then, any deviation from this model can be considered as an anomaly,and recognized to be an attack. recently much more attention is paid to theapplication of lattice theory in different fields. in this work we propose a latticebased nearest neighbor classifier capable of distinguishing between badconnections, called attacks, and good normal connections. a new nonlinearvaluation function is introduced to tune the performance of the proposed model. theperformance of the algorithm was evaluated by using kdd cup 99 data set, thebenchmark dataset used by intrusion detection systems researchers. simulationresults confirm the effectiveness of the proposed method.