Title :
An Intrinsic Subsequence Decomposition Algorithm for Network Intrusion Detection
Author :
Zhu, Yingying ; Ye, Mao ; Liu, Naiqi ; Zhao, Xin ; Li, Xue
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu
Abstract :
Network intrusion detection is an active research problem. Based on the techniques of sequence data mining, we propose a completely new approach based on intrinsic subsequences to detect intrusions in network connection data. An intrinsic subsequence is one in which all items are always present together as a whole in the sequence. The total number of times an intrinsic subsequence appears in a sequence is referred to as its absolute support. The intrinsic subsequences with approximate absolute support form a layer. A sequence is assumed to be composed of a set of intrinsic subsequences, and anomalies always show up as a composition of some unusual intrinsic subsequences. An abnormal sequence can be detected by decomposing the sequence into a number of layers and finding the differences between the corresponding layers of the normal and suspect sequence data. An original algorithm for intrusion detection using this idea of decomposition is proposed. Experiments on the KDD 99 data sets illustrate the utility and efficiency of our new approach.
Keywords :
data mining; security of data; KDD 99; intrinsic subsequence decomposition algorithm; network intrusion detection; sequence data mining; Australia; Clustering algorithms; Computer networks; Computer science; Data mining; IP networks; Information technology; Intrusion detection; Protocols; Support vector machines; Decomposition; Intrinsic Subsequence; Intrusion Detection; Sequence;
Conference_Title :
Natural Computation, 2008. ICNC '08. Fourth International Conference on
Conference_Location :
Jinan
Print_ISBN :
978-0-7695-3304-9
DOI :
10.1109/ICNC.2008.101