A Fuzzy Kernel-Based Method for Real-Time Network Intrusion Detection

  • Mikhail Petrovskiy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2877)


Most existing intrusion detection systems use signature-based approach to detect intrusions in audit data streams. This approach has a serious drawback. It cannot protect against novel types of attacks. Thereby there is a growing interest to application of data mining and machine learning methods to intrusion detection. This paper presents a new method for mining outliers designed for application in network intrusion detection systems. This method involves kernel-based fuzzy clustering technique. Network audit records are considered as vectors with numeric and nominal attributes. These vectors are implicitly mapped by means of a special kernel function into a high dimensional feature space, where the possibilistic clustering algorithm is applied to calculate the measure of ”typicalness” and to discover outliers. The performance of the suggested method is evaluated experimentally over KDD CUP 1999 data set.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Denning, D.E.: An intrusion detection model. IEEE Transactions on Software Engineering SE-13, 222–232 (1987)CrossRefGoogle Scholar
  2. 2.
    Krishnapuram, R., Keller, J.M.: A Possibilistic Approach to Clustering. IEEE Trans. Fuzzy Systems 1(1), 98–110 (1993)CrossRefGoogle Scholar
  3. 3.
    Scholkopf, B., Smola, A.: Learning with kernels: Support Vector Machines, Regularization, Optimization and Beyond. The MIT Press, Cambridge (2000)Google Scholar
  4. 4.
    Ben-Hur, A., Horn, D., Siegelmann, H.T., Vapnik, V.: Support vector clustering. Journal of Machine learning Research 2, 125–137 (2001)CrossRefGoogle Scholar
  5. 5.
    Girolami, M.: Mercer Kernel Based Clustering in Feature Space. EEE Transactions on Neural Networks 13(4), 780–784 (2001)Google Scholar
  6. 6.
    Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. Applications of Data Mining in Computer Security. Kluwer, Dordrecht (2002)Google Scholar
  7. 7.
    Inoue, T., Abe, S.: Fuzzy Support Vector Machine for Pattern Classification. In: Proc. of IJCNN, pp. 1449–1455 (2001)Google Scholar
  8. 8.
    The third international knowledge discovery and data mining tools competition dataset KDD99-Cup (1999),
  9. 9.
    Kumar, V.: Data Mining for Network Intrusion Detection. In: Presentation at NSF Workshop on Next Generation Data Mining, November 1-3 (2002)Google Scholar
  10. 10.
    Eskin, E.: Anomaly detection over noisy data using learned probability distributions. In: Proceedings of the International Conference on Machine Learning (2000)Google Scholar
  11. 11.
    Ghosh, A., Schwartzband, A.: A study in using neural networks for anomaly and misuse detection. In: Proceedings of 8th USENIX Security Symposium (1999)Google Scholar
  12. 12.
    Lee, W., Stolfo, S., Chan, P., Eskin, E., Fan, W., Miller, M., S., H., Hershkop, S., Zhang, J.: Real Time Data Mining-based Intrusion Detection. In: Proceedings of DISCEX II (2001)Google Scholar
  13. 13.
    Balcazar, J., Dai, Y., Watanabe, O.: A random sampling technique for training support vector machines. In: Abe, N., Khardon, R., Zeugmann, T. (eds.) ALT 2001. LNCS (LNAI), vol. 2225, p. 119. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Jin, W., Tung, A., Han, J.: Mining top-n local outliers in large databases. In: 7th ACM SIGKDD International Conference on KDD and Data Mining, pp. 293–298 (2001)Google Scholar
  15. 15.
    Girolami, M., He, C.: Probability Density Estimation from Optimally Condensed Data Samples. Computing & Information Systems Technical Reports (2002) ISSN-1461-6122Google Scholar
  16. 16.
    Ruspini, E.H.: Recent developments in fuzzy clustering. In: Yager, R.R. (ed.) Fuzzy Set and Possibility Theory: Recent Developments, pp. 133–147. Pergamon Press, New York (1982)Google Scholar
  17. 17.
    Marichal, J.-L.: On Sugeno integral as an aggregation function. Fuzzy Sets and Systems 114, 347–365 (2000)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Mikhail Petrovskiy
    • 1
  1. 1.Computer Science Department of Lomonosov Moscow State UniversityMoscowRussia

Personalised recommendations