This paper proposes a new approach to anomaly intrusion detection (AID). A Self-Organizing Map (SOM) is used to construct normal usage profiles of network traffic, and a Vector Elimination Nearest-Neighbor Search (VENNS) algorithm is designed and implemented for both the training phase and the detection phase. The design optimizes the performance of AID by jointly accounting for accurate usage profile modeling with the SOM codebook and a fast vector similarity measure based on fast nearest-neighbor search. For data processing, a novel feature extraction approach based on TCP flow state is implemented, according to the characteristics of TCP attacks. Using the DARPA Intrusion Detection Evaluation Data Set, we carry out a performance evaluation and comparative analysis. The results show that the performance and efficiency of anomaly intrusion detection are greatly improved: the training time cost is shortened by about four times and the detection time cost by about seven times.