A simple, yet effective, unit-circle algorithm for an intrusion detection system is presented. It defines normal and abnormal classes using the normalized “standard scores” of the traffic data with a novel unit-circle representation. In this approach, the feature values of the traffic data are first standardized to reduce statistical dependencies of local structural variations within a class and then normalized to isolate statistical inaccuracies between classes. A unit-circle is then constructed using two selected features. The unit-circle algorithm reveals that the normal and the back attack traffic in NSL-KDD datasets fall inside the normal and the abnormal classes respectively. Hence we have robust definitions for the back attack and normal traffic activities in a computer network based on NSL-KDD dataset.
展开▼