DocumentCode
2223109
Title
Applying kernel methods to anomaly based intrusion detection systems
Author
Ali, Karim ; Boutaba, Raouf
Author_Institution
David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
fYear
2009
fDate
23-26 June 2009
Firstpage
1
Lastpage
4
Abstract
Intrusion detection systems constitute a crucial cornerstone in securing computer networks, especially after the recent advancements in attacking techniques. IDSes can be categorized according to the nature of detection into two major categories: signature-based and anomaly-based. In this paper we present KBIDS, a kernel-based method for an anomaly-based IDS that clusters the training data in order to classify the test data correctly. The method depends on the K-Means algorithm, which is used for clustering. Our experiments show that the detection accuracy of KBIDS increases exponentially with the number of clusters. However, the time taken to classify the given test data increases linearly with the number of clusters. It can be derived from the results that 16 clusters are sufficient to achieve an acceptable error rate while keeping the detection delay in bounds.
Keywords
pattern clustering; security of data; K-means algorithm; anomaly based intrusion detection systems; anomaly-based IDS; computer networks; detection delay; kernel methods; signature-based detection; Clustering algorithms; Computer networks; Computer science; Data security; Intrusion detection; Kernel; Monitoring; Telecommunication traffic; Testing; Training data; Intrusion Detection Systems; Kernel Methods; Machine Learning
fLanguage
English
Publisher
ieee
Conference_Titel
Information Infrastructure Symposium, 2009. GIIS '09. Global
Conference_Location
Hammamet
Print_ISBN
978-1-4244-4623-0
Electronic_ISBN
978-1-4244-4624-7
Type
conf
DOI
10.1109/GIIS.2009.5307054
Filename
5307054