Abstract
Intrusion detection is a hot topic related to information and national security. Supervised network intrusion detection has been an active and difficult research hotspot in the field of intrusion detection for many years. However, many issues have not yet been resolved. The most important one is the loss of detection performance attributable to the difficulty of obtaining adequate attack data for the supervised classifiers to model the attack patterns; the data acquisition task is always time-consuming and relies heavily on domain experts. In this paper, we propose a novel network intrusion detection method based on the TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) algorithm. Experimental results on the well-known KDD Cup 1999 dataset demonstrate that the proposed method is robust and more effective than the state-of-the-art intrusion detection method, even when provided with a “small” dataset for training.
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Li, Y., Fang, BX., Guo, L., Chen, Y. (2007). TCM-KNN Algorithm for Supervised Network Intrusion Detection. In: Yang, C.C., et al. Intelligence and Security Informatics. PAISI 2007. Lecture Notes in Computer Science, vol 4430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71549-8_12
DOI: https://doi.org/10.1007/978-3-540-71549-8_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71548-1
Online ISBN: 978-3-540-71549-8
eBook Packages: Computer Science (R0)