A Fuzzy Kernel-Based Method for Real-Time Network Intrusion Detection

  • Conference paper
Innovative Internet Community Systems (IICS 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2877)

Abstract

Most existing intrusion detection systems use a signature-based approach to detect intrusions in audit data streams. This approach has a serious drawback: it cannot protect against novel types of attacks. Consequently, there is growing interest in applying data mining and machine learning methods to intrusion detection. This paper presents a new method for mining outliers, designed for use in network intrusion detection systems. The method relies on a kernel-based fuzzy clustering technique. Network audit records are treated as vectors with numeric and nominal attributes. These vectors are implicitly mapped, by means of a special kernel function, into a high-dimensional feature space, where the possibilistic clustering algorithm is applied to calculate a measure of "typicalness" and to discover outliers. The performance of the suggested method is evaluated experimentally on the KDD CUP 1999 data set.
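The idea in the abstract can be sketched as follows; this is an added example, not the paper's code. The paper's kernel and parameters are not given on this page, so the mixed Gaussian kernel, the Krishnapuram-Keller style membership with `m`, `sigma`, the `eta` estimate, the threshold and the sample records are all assumptions.

```python
import math

def mixed_kernel(a, b, sigma=1.0):
    """Gaussian kernel over a mixed record: squared difference for numeric
    fields, 0/1 mismatch for nominal (string) fields. Assumed kernel."""
    d2 = sum((0.0 if x == y else 1.0) if isinstance(x, str) else (x - y) ** 2
             for x, y in zip(a, b))
    return math.exp(-d2 / (2.0 * sigma ** 2))

def typicalness(records, m=2.0, sigma=1.0, iters=25):
    """Possibilistic membership of each record in one cluster whose centre
    lives in the kernel-induced feature space (never computed explicitly)."""
    n = len(records)
    K = [[mixed_kernel(a, b, sigma) for b in records] for a in records]
    u, eta = [1.0] * n, None
    for _ in range(iters):
        s = sum(ui ** m for ui in u)
        w = [ui ** m / s for ui in u]            # centre = sum_j w_j * phi(x_j)
        centre = sum(w[j] * w[l] * K[j][l] for j in range(n) for l in range(n))
        # ||phi(x_i) - centre||^2 expanded with the kernel trick
        d2 = [max(K[i][i] - 2.0 * sum(w[j] * K[i][j] for j in range(n)) + centre, 0.0)
              for i in range(n)]
        if eta is None:                          # assumed: scale fixed from first pass
            eta = sum(d2) / n
        u = [1.0 / (1.0 + (d / eta) ** (1.0 / (m - 1.0))) for d in d2]
    return u

def find_outliers(records, threshold=0.2, **kw):
    """Indices of records whose typicalness falls below the (assumed) threshold."""
    return [i for i, t in enumerate(typicalness(records, **kw)) if t < threshold]

# Constructed sample: (duration, bytes, protocol, service), numerics pre-scaled to [0, 1]
SAMPLE = [
    (0.10, 0.20, "tcp", "http"),
    (0.12, 0.22, "tcp", "http"),
    (0.09, 0.18, "tcp", "http"),
    (0.11, 0.25, "tcp", "http"),
    (0.10, 0.20, "tcp", "smtp"),    # one nominal field differs: less typical
    (0.13, 0.21, "tcp", "http"),
    (0.90, 0.95, "icmp", "ecr_i"),  # differs in every field: the outlier
]

if __name__ == "__main__":
    for rec, t in zip(SAMPLE, typicalness(SAMPLE)):
        print(f"{t:.3f}  {rec}")
    print("outliers:", find_outliers(SAMPLE))
```

Typicalness is graded rather than binary: the `smtp` record scores between the dominant `http` traffic and the `icmp` record, so the threshold decides how much deviation is reported.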

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Petrovskiy, M. (2003). A Fuzzy Kernel-Based Method for Real-Time Network Intrusion Detection. In: Böhme, T., Heyer, G., Unger, H. (eds) Innovative Internet Community Systems. IICS 2003. Lecture Notes in Computer Science, vol 2877. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39884-4_16

  • DOI: https://doi.org/10.1007/978-3-540-39884-4_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20436-7

  • Online ISBN: 978-3-540-39884-4

  • eBook Packages: Springer Book Archive
