Applying kernel methods to anomaly based intrusion detection systems

Karim Ali, Raouf Boutaba

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Intrusion detection systems constitute a crucial cornerstone in securing computer networks, especially after the recent advancements in attacking techniques. IDSes can be categorized according to the nature of detection into two major categories: signature-based and anomaly-based. In this paper we present KBIDS, a kernel-based method for an anomaly-based IDS that clusters the training data in order to classify the test data correctly. The method depends on the K-Means algorithm, which is used for clustering. Our experiments show that the detection accuracy of KBIDS increases exponentially with the number of clusters. However, the time taken to classify the given test data increases linearly with the number of clusters. It can be derived from the results that 16 clusters are sufficient to achieve an acceptable error rate while keeping the detection delay within bounds.

Original language: English (US)
Title of host publication: 2009 Global Information Infrastructure Symposium, GIIS '09
DOIs
State: Published - 2009
Event: 2009 Global Information Infrastructure Symposium, GIIS '09 - Hammamet, Tunisia
Duration: Jun 23 2009 to Jun 26 2009

Publication series

Name: 2009 Global Information Infrastructure Symposium, GIIS '09

Conference

Conference: 2009 Global Information Infrastructure Symposium, GIIS '09
Country/Territory: Tunisia
City: Hammamet
Period: 6/23/09 to 6/26/09

Keywords

  • Intrusion detection systems
  • Kernel methods
  • Machine learning

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Software
  • Electrical and Electronic Engineering
