Anomaly Detection Analysis of Intrusion Data Ising Supervised & Unsupervised Approach

Abstract

Anomaly based network intrusion detection (ANID) is an important problem that has been researched within diverse research areas and various application domains. Several anomaly based network intrusion detection systems (ANIDS) can be found in the literature. Most ANIDSs employ supervised algorithms, whose performances highly depend on attack-free training data. However, this kind of training data is difficult to obtain in real world network environment. Moreover, with changing network environment or services, patterns of normal traffic will be changed. This leads to high false positive rate of supervised ANIDSs. Using unsupervised anomaly detection techniques, however, the system can be trained with unlabeled data and is capable of detecting previously unseen attacks. We have categorized the existing ANIDSs based on its type, class, nature of detection/ processing, level of security, etc. We also enlist some proximity measures for intrusion data analysis and detection. We also report some experimental results for detection of attacks over the KDD’99 dataset.