An Anomaly Detection Method for Network Intrusion Detection

摘要

PURPOSE: A method of performing anomaly detection for network invasion detecting is provided to detect anomaly network packets by using a clustering based on similarity between feature vectors, so as to develop a more efficient invasion detecting system. CONSTITUTION: A network invasion detecting system performs a clustering by using network packet sets for a test(11). The detecting system receives network packets through a network device. The detecting system extracts a feature vector from the packets(12). The detecting system selects a cluster having the most similarity with the extracted vector among existing clusters(13). The detecting system confirms whether the similarity value is bigger than a given threshold value(14). The detecting system receives the feature vector of the packet that is decided as normal, and re-preforms a clustering between feature vectors.