Parzen-window network intrusion detectors

Author

Yeung, Dit-Yan ; Chow, Calvin

Author_Institution

Dept. of Comput. Sci., Hong Kong Univ. of Sci. & Technol., Kowloon, China

Volume

4

fYear

2002

fDate

2002

Firstpage

385

Abstract

Network intrusion detection is the problem of detecting anomalous network connections caused by intrusive activities. Many intrusion detection systems proposed before use both normal and intrusion data to build their classifiers. However, intrusion data are usually scarce and difficult to collect. We propose to solve this problem using a novelty detection approach. In particular, we propose to take a nonparametric density estimation approach based on Parzen-window estimators with Gaussian kernels to build an intrusion detection system using normal data only. To facilitate comparison, we have tested our system on the KDD Cup 1999 dataset. Our system compares favorably with the KDD Cup winner which is based on an ensemble of decision trees with bagged boosting, as our system uses no intrusion data at all and much less normal data for training.

Keywords

computer networks; pattern classification; security of data; Gaussian kernels; Parzen-window network intrusion detectors; anomalous network connection detection; classifiers; nonparametric density estimation; Boosting; Computer networks; Computer science; Computerized monitoring; Decision trees; Detectors; Intrusion detection; Kernel; Operating systems; System testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Pattern Recognition, 2002. Proceedings. 16th International Conference on

ISSN

1051-4651

Print_ISBN

0-7695-1695-X

Type

conf

DOI

10.1109/ICPR.2002.1047476

Filename

1047476