Title :
Applying kernel methods to anomaly based intrusion detection systems
Author :
Ali, Karim ; Boutaba, Raouf
Author_Institution :
David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
Abstract :
Intrusion detection systems constitute a crucial cornerstone in securing computer networks especially after the recent advancements in attacking techniques. IDSes can be categorized according to the nature of detection into two major categories: signature-based and anomaly-based. In this paper we present KBIDS, a kernel-based method for an anomaly-based IDS that tries to cluster the training data to be able to classify the test data correctly. The method depends on the K-Means algorithm that is used for clustering. Our experiments show that the accuracy of detection of KBIDS increases exponentially with the number of clusters. However, the time taken to classify the given test data increase linearly with the number of clusters. It can be derived from the results that 16 clusters are sufficient to achieve an acceptable error rate while keeping the detection delay in bounds.
Keywords :
pattern clustering; security of data; K-means algorithm; anomaly based intrusion detection systems; anomaly-based IDS; computer networks; detection delay; kernel methods; signature-based detection; Clustering algorithms; Computer networks; Computer science; Data security; Intrusion detection; Kernel; Monitoring; Telecommunication traffic; Testing; Training data; Intrusion Detection Systems; Kernel Methods; Machine Learning;
Conference_Titel :
Information Infrastructure Symposium, 2009. GIIS '09. Global
Conference_Location :
Hammemet
Print_ISBN :
978-1-4244-4623-0
Electronic_ISBN :
978-1-4244-4624-7
DOI :
10.1109/GIIS.2009.5307054
