
TCM-KNN Algorithm for Supervised Network Intrusion Detection

  • Conference paper
Intelligence and Security Informatics (PAISI 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4430)

Abstract

Intrusion detection is a hot topic related to information and national security. Supervised network intrusion detection has been an active and difficult research area in the field of intrusion detection for many years. However, many issues have not yet been resolved. The most important one is the loss of detection performance attributable to the difficulty of obtaining adequate attack data for supervised classifiers to model attack patterns; the data acquisition task is always time-consuming and relies heavily on domain experts. In this paper, we propose a novel network intrusion detection method based on the TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) algorithm. Experimental results on the well-known KDD Cup 1999 dataset demonstrate that the proposed method is robust and more effective than the state-of-the-art intrusion detection method even when provided with a “small” training dataset.

Editor information

Christopher C. Yang, Daniel Zeng, Michael Chau, Kuiyu Chang, Qing Yang, Xueqi Cheng, Jue Wang, Fei-Yue Wang, Hsinchun Chen

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Li, Y., Fang, BX., Guo, L., Chen, Y. (2007). TCM-KNN Algorithm for Supervised Network Intrusion Detection. In: Yang, C.C., et al. Intelligence and Security Informatics. PAISI 2007. Lecture Notes in Computer Science, vol 4430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71549-8_12

  • DOI: https://doi.org/10.1007/978-3-540-71549-8_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71548-1

  • Online ISBN: 978-3-540-71549-8

  • eBook Packages: Computer Science (R0)
