Intrusion detection is commonly regarded as the classification problem. The paper presents a new clustering model based on deterministic annealing algorithm to detect intrusion. In our model, each user is considered as a discrete stationary source with variable memory. A sequence of characters composed of command lines from a user's account is regarded as the result that is potentially generated by the user and the intruder in different period. We determine the intrusion by finding the source(s) in the sequence, which will be as close as possible to the original one(s). Our experiment shows that the model is feasible.
展开▼
