Applying Kernel methods to anomaly based intrusion detection systems

Authors:
Karim Ali;Raouf Boutaba
Affiliations:
David R. Cheriton, School of Computer Science, University of Waterloo, Waterloo, Ontario;David R. Cheriton, School of Computer Science, University of Waterloo, Waterloo, Ontario
Venue:
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
Year:
2009

Citing 10
Cited 0

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
An Immunological Approach to Change Detection: Algorithms, Analysis and Implications

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Mitigating denial of service attacks: a tutorial

Journal of Computer Security
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A Novel Classification Algorithm Based on Fuzzy Kernel Multiple Hyperspheres

FSKD '07 Proceedings of the Fourth International Conference on Fuzzy Systems and Knowledge Discovery - Volume 02
An adaptive intrusion detection algorithm based on clustering and kernel-method

PAKDD'06 Proceedings of the 10th Pacific-Asia conference on Advances in Knowledge Discovery and Data Mining
An immunity-based technique to characterize intrusions in computernetworks

IEEE Transactions on Evolutionary Computation

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection systems constitute a crucial cornerstone in securing computer networks especially after the recent advancements in attacking techniques. IDSes can be categorized according to the nature of detection into two major categories: signature-based and anomaly-based. In this paper we present KBIDS, a kernel-based method for an anomaly-based IDS that tries to cluster the training data to be able to classify the test data correctly. The method depends on the K-Means algorithm that is used for clustering. Our experiments show that the accuracy of detection of KBIDS increases exponentially with the number of clusters. However, the time taken to classify the given test data increase linearly with the number of clusters. It can be derived from the results that 16 clusters are sufficient to achieve an acceptable error rate while keeping the detection delay in bounds.