The problem of detecting anomalous network connections caused by intrusion activities is called Network intrusion detection. Conventional classification methods use data from both normal and intrusion classes to build the classifiers. However, intrusion data are usually scarce and difficult to collect. Novelty detection approach overcomes this problem which depends only on normal data. For this purpose, nonparametric density estimation approaches based on Parzen-window estimators are proposed earlier. Two fundamental problems faced are, (i) due to curse of dimensionality, for high dimensional data with a limited training set, the estimation can be biased and (ii) high computational requirements. We propose, (i) a novel pattern synthesis technique to synthesize artificial new training patterns to increase the training set size and thus to reduce the curse of dimensionality effect, and (ii) a compact data representation scheme to store the entire synthetic set to reduce the computational costs. The effectiveness of our methods are experimentally demonstrated.
[1]
Dit-Yan Yeung,et al.
Parzen-window network intrusion detectors
,
2002,
Object recognition supported by user interaction for service robots.
[2]
Robert K. Cunningham,et al.
Improving Intrusion Detection Performance using Keyword Selection and Neural Networks
,
2000,
Recent Advances in Intrusion Detection.
[3]
M. Narasimha Murty,et al.
An incremental data mining algorithm for compact realization of prototypes
,
2001,
Pattern Recognit..
[4]
E. Parzen.
On Estimation of a Probability Density Function and Mode
,
1962
.
[5]
Richard Lippmann,et al.
The 1999 DARPA off-line intrusion detection evaluation
,
2000,
Comput. Networks.
[6]
Dong Xiang,et al.
Information-theoretic measures for anomaly detection
,
2001,
Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.