Title :
An adaptive network intrusion detection approach for the cloud environment
Author :
Hui-Hao Chou;Sheng-De Wang
Author_Institution :
Department of Electrical Engineering, National Taiwan University
Abstract :
As Internet attacks grow rapidly, firewalls and network intrusion detection systems are indispensable. Existing approaches usually use attack signatures, machine learning or data mining algorithms to detect and stop anomalous or malicious flows. Machine learning algorithms need a set of labeled data to train the detection model, but a labeled data set is not always available. In this paper, we propose an anomaly detection approach that is adaptive to the ever-changing network environment. The approach constructs a decision tree-based detection model for intrusion detection from unlabeled data by using an unsupervised learning algorithm called spectral clustering. The system can easily be deployed in the cloud environment. In experiments with the DARPA 2000 data set and the KDD Cup 1999 data set, our system shows notable improvement in detection performance after the adaptation procedure.
Keywords :
"Clustering algorithms","Detectors","Cloud computing","Decision trees","Data models","Algorithm design and analysis","Adaptation models"
Conference_Title :
Security Technology (ICCST), 2015 International Carnahan Conference on
Print_ISBN :
978-1-4799-8690-3
Electronic_ISBN :
2153-0742
DOI :
10.1109/CCST.2015.7389649