• DocumentCode
    2223109
  • Title

    Applying kernel methods to anomaly based intrusion detection systems

  • Author

    Ali, Karim ; Boutaba, Raouf

  • Author_Institution
    David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2009
  • fDate
    23-26 June 2009
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    Intrusion detection systems constitute a crucial cornerstone in securing computer networks, especially after the recent advancements in attacking techniques. IDSes can be categorized according to the nature of detection into two major categories: signature-based and anomaly-based. In this paper we present KBIDS, a kernel-based method for an anomaly-based IDS that tries to cluster the training data to be able to classify the test data correctly. The method depends on the K-Means algorithm that is used for clustering. Our experiments show that the accuracy of detection of KBIDS increases exponentially with the number of clusters. However, the time taken to classify the given test data increases linearly with the number of clusters. It can be derived from the results that 16 clusters are sufficient to achieve an acceptable error rate while keeping the detection delay in bounds.
  • Keywords
    pattern clustering; security of data; K-means algorithm; anomaly based intrusion detection systems; anomaly-based IDS; computer networks; detection delay; kernel methods; signature-based detection; Clustering algorithms; Computer networks; Computer science; Data security; Intrusion detection; Kernel; Monitoring; Telecommunication traffic; Testing; Training data; Intrusion Detection Systems; Kernel Methods; Machine Learning;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Infrastructure Symposium, 2009. GIIS '09. Global
  • Conference_Location
    Hammamet
  • Print_ISBN
    978-1-4244-4623-0
  • Electronic_ISBN
    978-1-4244-4624-7
  • Type

    conf

  • DOI
    10.1109/GIIS.2009.5307054
  • Filename
    5307054