In this paper, we study the anomaly detection problem with the goal of minimizing memory and time complexity. Prior works need to check the whole training database to detect anomalous objects, and hence they are not scalable for large training databases. In this paper, we propose two similarity (resp., dissimilarity) measures. We show that similarity and dissimilarity can be described by one linear equation. Based on this result, we take a novel approach to address the anomalybased intrusion detection. This approach converts all the profiles composing the training database into 2-dimensional geometric points such that these points lie on the the same line y = n-x. A simple comparison operation is sufficient to decide whether an object is normal or anomalous. Complexity analysis shows that our IDS outperforms the classical anomaly-based IDS in terms of memory and time complexity.
展开▼
