IDS can distinguish whether a system state is "normal" or "abnormal" [3]. So, an IDS can
be defined as the guard system that automatically detects malicious activities within a
host or a network, and consequently generates an alarm to alert the security apparatus
at a location if intrusions are considered to be illegal on that host or network [4].
Intrusion detection systems are divided into two categories: anomaly detection and misuse
detection [5]. Among the requirements of an IDS, correctness and real-time operation are
two important items. In a high-speed network, an IDS faces a major problem: the low
detection rate cannot handle the massive data transmission. There are two basic ideas to
solve this problem: (1) improve the processing capabilities of the intrusion detection
system, including data-processing capacity and data collection capacity; (2) introduce new
algorithms or pretreatment to reduce the complexity of data processing.
This paper is organized as follows: in Section 2, the background and related works
are reviewed. Then a behavior set evolution scheme and a similarity distance of network
behavior are proposed in Section 3. Section 4 introduces the principle and the
framework of the synthetic reverse model. Section 5 explains the dimension reduction
method of behavior samples. Finally, conclusions are given.
2 Related Works
In accordance with the second idea mentioned above, we improve the efficiency of data
processing by reducing the dimensions of the behavior vector. Manifold learning is a
way of simplifying high-dimensional data by finding low-dimensional structure in it.
The goal of the algorithms is to map a given set of high-dimensional data points into a
surrogate low-dimensional space [6]. Animesh Patcha [7] presented an anomaly detection
scheme, called SCAN (Stochastic Clustering Algorithm for Network Anomaly
Detection), that has the capability to detect intrusions with high accuracy even with
incomplete audit data.
Many researchers have proposed new intrusion detection methods oriented to new
network environments. Paper [8] proposed anomaly detection enhanced classification
in computer intrusion detection. Kim [9] proposes a method of applying Support
Vector Machines to a network-based Intrusion Detection System (SVM IDS). Park [10]
proposes a new approach to modeling a lightweight Intrusion Detection System (IDS)
based on a new feature selection approach named Correlation-based Hybrid Feature
Selection (CBHFS), which is able to significantly decrease training and testing times
while retaining high detection rates with low false positive rates as well as stable
feature selection results. Taylor [11] introduced a lightweight IDS solution called NATE
(Network Analysis of Anomalous Traffic Events). The approach features minimal
network traffic measurement, an anomaly-based detection method, and a limited attack
scope. Horng [12] presents the results of a study on intrusion detection on IIS (Internet
Information Services) utilizing a hybrid intrusion detection system. The feasibility of
the hybrid IDS is validated based on the Internet scanner system (ISS).
The biological immune system has some remarkable abilities in recognition, learning and
memory. These abilities have the characteristics of distribution, self-organization and
diversity. The main principles of an artificial immune system (AIS) consist of immune
recognition, immune learning, immune memory, clone selection, diversity generation and
maintenance, etc. It is generally deemed that the first four principles form the immune
response process of AIS.