Proc. SPIE. 6773, Next-Generation Communication and Sensor Networks 2007
KEYWORDS: Detection and tracking algorithms, Data modeling, Pattern recognition, Computer science, Data processing, Neural networks, Feature selection, Computer intrusion detection, Data conversion, Data centers
Today, cyber attacks such as worms, scanning, and active attackers are pervasive on the Internet. A number of security approaches have been proposed to address this problem, among which the intrusion detection system (IDS) appears to be one of the major and most effective solutions for defending against malicious users. Essentially, the intrusion detection problem can be generalized as a classification problem whose goal is to distinguish normal behaviors from anomalies. There are many well-known pattern recognition algorithms for classification. In this paper we describe the details of applying pattern recognition methods to the intrusion detection research field. Experimenting on the KDDCUP 99 data set, we first use the information gain metric to reduce the dimensionality of the original feature space. Two supervised methods, the support vector machine and the multi-layer neural network, have been tested, and the results display a high detection rate and a low false alarm rate, which is promising for real-world applications. In addition, three unsupervised methods, Single-Linkage, K-Means, and CLIQUE, are also implemented and evaluated in the paper. Their low computational complexity points to their use in the initial data reduction process.
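The information-gain step named in the abstract can be sketched as follows. This is an added example, not code from the paper: it ranks a few categorical KDD Cup 99 style fields by how much each one reduces label entropy and keeps the top k. The rows, the two-class labels and the helper names are constructed for illustration, and continuous fields would need discretizing first.

```python
import math
from collections import Counter, defaultdict

FIELDS = ("protocol_type", "service", "flag", "land")
# Constructed sample rows (not real KDD Cup 99 data): feature values, label.
ROWS = [
    (("tcp", "http", "SF", "0"), "normal"),
    (("tcp", "http", "SF", "0"), "normal"),
    (("udp", "domain_u", "SF", "0"), "normal"),
    (("udp", "domain_u", "SF", "0"), "normal"),
    (("tcp", "http", "S0", "0"), "attack"),
    (("tcp", "http", "S0", "0"), "attack"),
    (("tcp", "private", "S0", "0"), "attack"),
    (("tcp", "private", "S0", "0"), "attack"),
]

def entropy(labels):
    """Shannon entropy in bits of a list of class labels."""
    total = len(labels)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(labels).values())

def information_gain(rows, index):
    """IG(label; feature) = H(label) - sum_v P(v) * H(label | feature = v)."""
    by_value = defaultdict(list)
    for values, label in rows:
        by_value[values[index]].append(label)
    conditional = sum(len(part) / len(rows) * entropy(part)
                      for part in by_value.values())
    return entropy([label for _, label in rows]) - conditional

def rank_features(rows, fields=FIELDS):
    """Return (field, gain) pairs sorted by descending information gain."""
    gains = [(name, information_gain(rows, i)) for i, name in enumerate(fields)]
    return sorted(gains, key=lambda pair: pair[1], reverse=True)

def select_features(rows, k, fields=FIELDS):
    """Keep the k highest-gain fields; the rest are dropped before training."""
    return [name for name, _ in rank_features(rows, fields)[:k]]

if __name__ == "__main__":
    for name, gain in rank_features(ROWS):
        print(f"{name:14s} {gain:.4f}")
    print("selected:", select_features(ROWS, 2))
```

On these constructed rows the connection flag separates the classes completely, while `land` is constant and carries no information, so it is the first field to be dropped.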