A Lattice Based Nearest Neighbor Classifier for Anomaly Intrusion Detection

Authors

Yazdan Jamshidi

Hossein Nezamabadi-pour

Abstract

As networking and communication technology becomes more widespread, the quantity and impact of system attackers have increased rapidly. The methodology of intrusion detection (IDS) is generally classified into two broad categories according to the detection approach: misuse detection and anomaly detection. In the misuse detection approach, abnormal system behavior is defined first, and then any other behavior is defined as normal behavior. The main goal of the anomaly detection approach is to construct a model representing normal activities. Then, any deviation from this model can be considered an anomaly and recognized as an attack. Recently, much more attention has been paid to the application of lattice theory in different fields. In this work we propose a lattice-based nearest neighbor classifier capable of distinguishing between bad connections, called attacks, and good normal connections. A new nonlinear valuation function is introduced to tune the performance of the proposed model. The performance of the algorithm was evaluated using the KDD Cup 99 data set, the benchmark dataset used by intrusion detection systems researchers. Simulation results confirm the effectiveness of the proposed method.




Journal title: Journal of Advances in Computer Research

Publisher: Sari Branch, Islamic Azad University

ISSN: 2345-606X

Volume 4, Issue 4, 2013
