Today, cyber attacks such as worms, scanning, and active attackers are pervasive on the Internet. A number of security approaches have been proposed to address this problem, among which the intrusion detection system (IDS) appears to be one of the major and most effective solutions for defending against malicious users. Essentially, the intrusion detection problem can be generalized as a classification problem whose goal is to distinguish normal behaviors from anomalies. There are many well-known pattern recognition algorithms for classification. In this paper we describe the details of applying pattern recognition methods to the intrusion detection research field. Experimenting on the KDDCUP 99 data set, we first use the information gain metric to reduce the dimensionality of the original feature space. Two supervised methods, the support vector machine and the multi-layer neural network, have been tested, and the results display a high detection rate and a low false alarm rate, which is promising for real-world applications. In addition, three unsupervised methods, Single-Linkage, K-Means, and CLIQUE, are also implemented and evaluated in the paper. Their low computational complexity reveals their applicability to the initial data reduction process.