Abstract
In this study, we propose a new approach to detecting network intrusions in real time, based on a statistical process control technique and the kernel null space method. The training samples in a class are mapped to a single point using the Kernel Null Foley-Sammon Transform. Novelty scores are computed from testing samples in order to determine the threshold for real-time anomaly detection. The efficiency of the proposed method is illustrated on the KDD99 data set. The experimental results show that our new method outperforms the OCSVM and the original Kernel Null Space method by 1.53% and 3.86%, respectively, in terms of accuracy.
Highlights
Security policies are very important in computer systems to prevent outside attacks
An intrusion detection system (IDS) is a powerful tool, and it attracts the attention of researchers [3]
Since our work focuses on one-class classification, we will review the state of the art for the family of one-class novelty detection methods
Summary
Security policies are very important in computer systems to prevent outside attacks. We focus on developing an anomaly-based IDS solution, in which the IDS is trained on knowledge of normal traffic only. Such a system does not need to be trained with attack data traces to later detect whether incoming traffic is anomalous or normal. We propose using a control-chart-based method called the Kernel Quantile Estimator to determine the detection threshold dynamically, driven by each specific training data set, instead of using a fixed threshold as described in the existing Kernel Null Space solutions [1, 2, 7].
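The threshold step described in the Summary, as an added example that is not the paper's own code: a kernel quantile estimator over novelty scores of normal traffic yields the control limit used to flag incoming traffic. The Gaussian kernel, the bandwidth rule, the 1% false-alarm rate, the function names and all sample scores are assumptions constructed for illustration.

```python
import math
import random


def normal_cdf(x):
    """Standard normal cumulative distribution function."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))


def kernel_quantile(scores, p, h=None):
    """Kernel quantile estimate: a kernel-weighted average of order statistics."""
    if not scores or not 0.0 < p < 1.0:
        raise ValueError("need at least one score and 0 < p < 1")
    xs = sorted(scores)
    n = len(xs)
    if h is None:
        # Assumed bandwidth rule, not taken from the paper.
        h = math.sqrt(p * (1.0 - p) / (n + 1))
    # Weight of the i-th order statistic: mass of a Gaussian kernel centred
    # at p over the interval ((i-1)/n, i/n].
    w = [normal_cdf((i / n - p) / h) - normal_cdf(((i - 1) / n - p) / h)
         for i in range(1, n + 1)]
    # Renormalise: part of the kernel mass falls outside [0, 1].
    return sum(wi * xi for wi, xi in zip(w, xs)) / sum(w)


def fit_threshold(normal_scores, false_alarm_rate=0.01):
    """Upper control limit: the (1 - false_alarm_rate) quantile of normal scores."""
    return kernel_quantile(normal_scores, 1.0 - false_alarm_rate)


def flag_anomalies(scores, threshold):
    """True for every novelty score above the control limit."""
    return [s > threshold for s in scores]


# Constructed data: right-skewed novelty scores standing in for normal traffic.
_rng = random.Random(7)
CALIBRATION_SCORES = [_rng.gammavariate(2.0, 0.05) for _ in range(500)]
# Constructed incoming scores: three typical values and two far from normal.
INCOMING_SCORES = [0.04, 0.11, 0.95, 0.08, 1.40]

if __name__ == "__main__":
    thr = fit_threshold(CALIBRATION_SCORES, false_alarm_rate=0.01)
    print("data-driven threshold:", round(thr, 4))
    print("flags:", flag_anomalies(INCOMING_SCORES, thr))
```

Because the limit is recomputed from each set of normal scores, the alarm rate on normal traffic stays near the chosen rate even when the score distribution differs between training sets, which a fixed threshold does not guarantee.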