A fuzzy kernel-based method for real-time network intrusion detection

Abstract

Most existing intrusion detection systems use signature-based approach to detect intrusions in audit data streams. This approach has a serious drawback. It cannot protect against novel types of attacks. Thereby there is a growing interest to application of data mining and machine learning methods to intrusion detection. This paper presents a new method for mining outliers designed for application in network intrusion detection systems. This method involves kernel-based fuzzy clustering technique. Network audit records are considered as vectors with numeric and nominal attributes. These vectors are implicitly mapped by means of a special kernel function into a high dimensional feature space, where the possibilistic clustering algorithm is applied to calculate the measure of "typicalness" and to discover outliers. The performance of the suggested method is evaluated experimentally over KDD CUP 1999 data set. © Springer-Verlag Berlin Heidelberg 2003.