An anomaly intrusion detection method using the CSI-KNN algorithm

Authors:
Liwei Kuang;Mohammad Zulkernine
Affiliations:
Queen's University, Kingston, Canada;Queen's University, Kingston, Canada
Venue:
Proceedings of the 2008 ACM symposium on Applied computing
Year:
2008

Citing 8
Cited 2

A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Transductive Confidence Machines for Pattern Recognition

ECML '02 Proceedings of the 13th European Conference on Machine Learning
Results of the KDD'99 classifier learning

ACM SIGKDD Explorations Newsletter
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)
Detecting outliers using transduction and statistical testing

Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
Network anomaly detection based on TCM-KNN algorithm

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A three-tier IDS via data mining approach

Proceedings of the 3rd annual ACM workshop on Mining network data

Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities

Journal of Systems Architecture: the EUROMICRO Journal
0day anomaly detection made possible thanks to machine learning

WWIC'10 Proceedings of the 8th international conference on Wired/Wireless Internet Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Machine learning-based anomaly detection approaches have attracted increasing attention in the network intrusion detection community because of their intrinsic capabilities in discovering novel attacks. However, most of today's anomaly-based IDSs generate high false positive rates and miss many attacks because of a deficiency in their ability to discriminate attacks from legitimate behaviors. In this paper, we propose an anomaly intrusion detection method using the Combined Strangeness and Isolation measure K-Nearest Neighbors (CSI-KNN) algorithm. The intrusion detection algorithm analyzes different characteristics of network data by employing two measures: strangeness and isolation. Based on these measures, a correlation unit raises intrusion alerts with associated confidence estimates. Multiple CSI-KNN classifiers work in parallel to deal with different types of network services so that the CSI-KNN-based NIDS can work more efficiently than processing all network services together.