Intrusion detection
Predicting rare classes: can boosting make any weak learner strong?
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Hi-index | 0.00 |
Due to increasing incidents of cyber attacks and heightened concerns for cyber terrorism, implementing effective intrusion detection systems (IDSs) is an essential task for protecting cyber security. Intrusion detection is the process of monitoring and analyzing the events occurring in a computer system in order to detect signs of security problems [1]. Even though the intrusion detection problem has been studied intensively [2], current techniques for intrusion detection still have limitations considering the following three aspects: (1) It is very common to focus on the data mining step, while the other Knowledge Discovery in Databases (KDD) steps are largely ignored [4]. (2) Many intrusion detection systems assume the existence of sharp boundary between normal and anomalous behavior. This assumption, consequently, causes an abrupt separation between normality and anomaly. (3) The construction of many intrusion detection systems is based on some strong assumptions on input data set that make practical applications impractical. Considering all of these limitations, in this paper, we propose a novel anomaly detection framework that has several desirable features.