An Intrinsic Subsequence Decomposition Algorithm for Network Intrusion Detection

Abstract

The problem of network intrusion detection is an active research issue. Based on the techniques of sequence data mining, we propose a completely new approach based on intrinsic subsequence to detect intrusions in the network connection data. An intrinsic subsequence means that all items in it are always present together as a whole in the sequence. The total number of an intrinsic subsequence appeared in a sequence is referred to as absolute support. The intrinsic subsequences with approximate absolute support form a layer. A sequence is supposed to be composed of a set of intrinsic subsequences. And the anomalies are always shown as a composition of some unusual intrinsic subsequences. The abnormal sequence can be detected by decomposing the sequence into a number of layers and finding the differences of the corresponding layers between the normal and suspect sequence data. An original algorithm for intrusion detection by using the idea of decomposition is proposed. The experiments on the data sets of KDD 99 illuminate the utility and efficiency of our new approach

Similar works

Full text

thumbnail-image

University of Queensland eSpace

redirect
Last time updated on 30/08/2013

This paper was published in University of Queensland eSpace.

Having an issue?

Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.