Classification based on a multi-dimensional probability distribution and its application to network intrusion detection

With the rapid growth of the Internet, to make sure of the computer security has been a crucial problem, therefore, many techniques for Intrusion detection have been proposed in order to detect network attacks efficiently. On the other hand, data mining algorithms based on Genetic Network Programming (GNP) have been proposed recently. GNP is a graph-based evolutionary algorithm and can extract many important class association rules by making use of the distinguished representation ability of the graph structures. In this paper, a probabilistic classification is proposed and combined with the class association rule mining of GNP, and applied to Network intrusion detection for the performance evaluation. The proposed method creates a joint probability density function of normal and intrusion accesses and use it to efficiently classify new access data into normal, known intrusion or unknown intrusion. It is clarified from the experimental results that the proposed method shows high classification accuracy compared to the method without probabilistic classification.