Title :
Parzen-window network intrusion detectors
Author :
Yeung, Dit-Yan ; Chow, Calvin
Author_Institution :
Dept. of Comput. Sci., Hong Kong Univ. of Sci. & Technol., Kowloon, China
Abstract :
Network intrusion detection is the problem of detecting anomalous network connections caused by intrusive activities. Many intrusion detection systems proposed before use both normal and intrusion data to build their classifiers. However, intrusion data are usually scarce and difficult to collect. We propose to solve this problem using a novelty detection approach. In particular, we propose to take a nonparametric density estimation approach based on Parzen-window estimators with Gaussian kernels to build an intrusion detection system using normal data only. To facilitate comparison, we have tested our system on the KDD Cup 1999 dataset. Our system compares favorably with the KDD Cup winner which is based on an ensemble of decision trees with bagged boosting, as our system uses no intrusion data at all and much less normal data for training.
Keywords :
computer networks; pattern classification; security of data; Gaussian kernels; Parzen-window network intrusion detectors; anomalous network connection detection; classifiers; nonparametric density estimation; Boosting; Computer networks; Computer science; Computerized monitoring; Decision trees; Detectors; Intrusion detection; Kernel; Operating systems; System testing;
Conference_Titel :
Pattern Recognition, 2002. Proceedings. 16th International Conference on
Print_ISBN :
0-7695-1695-X
DOI :
10.1109/ICPR.2002.1047476
