Abstract
Most existing intrusion detection systems use a signature-based approach to detect intrusions in audit data streams. This approach has a serious drawback: it cannot protect against novel types of attacks. Hence there is growing interest in applying data mining and machine learning methods to intrusion detection. This paper presents a new method for mining outliers designed for application in network intrusion detection systems. The method involves a kernel-based fuzzy clustering technique. Network audit records are considered as vectors with numeric and nominal attributes. These vectors are implicitly mapped by means of a special kernel function into a high-dimensional feature space, where the possibilistic clustering algorithm is applied to calculate a measure of "typicalness" and to discover outliers. The performance of the suggested method is evaluated experimentally on the KDD CUP 1999 data set.
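The following is an added illustration of the approach the abstract describes, not code from the paper: audit records with numeric and nominal attributes are compared through a mixed-attribute kernel, and a one-cluster kernel possibilistic c-means computes each record's typicality with respect to the feature-space centroid, flagging low-typicality records as outliers. The records, the particular kernel (RBF on log-scaled numeric fields times a nominal-mismatch penalty), the bandwidth estimate and the threshold are assumptions chosen for the example.

```python
import math

# Constructed KDD'99-style audit records (illustration only):
# (duration, src_bytes, dst_bytes, protocol_type, service, flag)
RECORDS = [
    (0, 181, 1450, "tcp", "http", "SF"),
    (0, 239, 1486, "tcp", "http", "SF"),
    (0, 235, 1337, "tcp", "http", "SF"),
    (0, 219, 1337, "tcp", "http", "SF"),
    (0, 217, 2032, "tcp", "http", "SF"),
    (0, 212, 1940, "tcp", "http", "SF"),
    (0, 159, 2087, "tcp", "http", "SF"),
    (0, 210, 1151, "tcp", "http", "SF"),
    (0, 1032, 0, "icmp", "ecr_i", "SF"),  # constructed anomalous record (echo-flood-like)
]

def kernel(a, b, gamma=0.1, lam=1.0):
    """Mixed-attribute kernel (an assumption, not the paper's kernel): RBF on
    log-scaled numeric attributes times exp(-lam * number of mismatched nominal
    attributes). Both factors are positive definite, so the product is a Mercer kernel."""
    num = sum((math.log1p(x) - math.log1p(y)) ** 2 for x, y in zip(a[:3], b[:3]))
    mismatch = sum(x != y for x, y in zip(a[3:], b[3:]))
    return math.exp(-gamma * num - lam * mismatch)

def kernel_pcm_typicality(records, m=2.0, iters=10):
    """One-cluster kernel possibilistic c-means: typicality of every record with
    respect to the typicality-weighted centroid in feature space. Distances to the
    centroid are obtained via the kernel trick, so the mapping stays implicit."""
    n = len(records)
    K = [[kernel(records[i], records[j]) for j in range(n)] for i in range(n)]

    def sq_dists(w):  # squared feature-space distance from each record to the centroid
        W = sum(w)
        vv = sum(w[j] * w[k] * K[j][k] for j in range(n) for k in range(n)) / (W * W)
        return [max(K[i][i] - 2.0 * sum(w[k] * K[i][k] for k in range(n)) / W + vv, 0.0)
                for i in range(n)]

    # Bandwidth eta estimated once, Krishnapuram-Keller style, from the initial partition.
    d2 = sq_dists([1.0] * n)
    eta = sum(d2) / n
    t = [1.0] * n
    for _ in range(iters):
        t = [1.0 / (1.0 + (d / eta) ** (1.0 / (m - 1))) for d in d2]
        d2 = sq_dists([ti ** m for ti in t])  # re-centre on typical records only
    return t

def find_outliers(records, threshold=0.3):
    """Records whose typicality falls below the threshold are reported as outliers."""
    return [i for i, ti in enumerate(kernel_pcm_typicality(records)) if ti < threshold]

if __name__ == "__main__":
    for i, ti in enumerate(kernel_pcm_typicality(RECORDS)):
        print(i, RECORDS[i], round(ti, 3))
    print("outliers:", find_outliers(RECORDS))
```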
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Petrovskiy, M. (2003). A Fuzzy Kernel-Based Method for Real-Time Network Intrusion Detection. In: Böhme, T., Heyer, G., Unger, H. (eds) Innovative Internet Community Systems. IICS 2003. Lecture Notes in Computer Science, vol 2877. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39884-4_16
DOI: https://doi.org/10.1007/978-3-540-39884-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20436-7
Online ISBN: 978-3-540-39884-4