An Intrinsic Subsequence Decomposition Algorithm for Network Intrusion Detection

Zhu, Y., Ye, M., Liu, N., Zhao, X. and Li, X. (2008). An Intrinsic Subsequence Decomposition Algorithm for Network Intrusion Detection. In: Guo, M., Zhao, L. and Wang, L., Proceedings of the Fourth International Conference on Natural Computation, 2008. ICNC '08.. Fourth International Conference on Natural Computation, 2008, Jinan, PR China, (240-244). 18-20 Oct 2008. doi:10.1109/ICNC.2008.101


Author Zhu, Y.
Ye, M.
Liu, N.
Zhao, X.
Li, X.
Title of paper An Intrinsic Subsequence Decomposition Algorithm for Network Intrusion Detection
Conference name Fourth International Conference on Natural Computation, 2008
Conference location Jinan, PR China
Conference dates 18-20 Oct 2008
Proceedings title Proceedings of the Fourth International Conference on Natural Computation, 2008. ICNC '08.
Journal name Proceedings - 4th International Conference on Natural Computation, ICNC 2008
Place of Publication Los Alamatis, California
Publisher IEEE Computer Society
Publication Year 2008
Sub-type Fully published paper
DOI 10.1109/ICNC.2008.101
Open Access Status
ISBN 978-0-7695-3304-9
Editor Guo, M.
Zhao, L.
Wang, L.
Volume 6
Start page 240
End page 244
Total pages 4
Language eng
Abstract/Summary The problem of network intrusion detection is an active research issue. Based on the techniques of sequence data mining, we propose a completely new approach based on intrinsic subsequence to detect intrusions in the network connection data. An intrinsic subsequence means that all items in it are always present together as a whole in the sequence. The total number of an intrinsic subsequence appeared in a sequence is referred to as absolute support. The intrinsic subsequences with approximate absolute support form a layer. A sequence is supposed to be composed of a set of intrinsic subsequences. And the anomalies are always shown as a composition of some unusual intrinsic subsequences. The abnormal sequence can be detected by decomposing the sequence into a number of layers and finding the differences of the corresponding layers between the normal and suspect sequence data. An original algorithm for intrusion detection by using the idea of decomposition is proposed. The experiments on the data sets of KDD 99 illuminate the utility and efficiency of our new approach.
Subjects E1
890206 Internet Hosting Services (incl. Application Hosting Services)
080201 Analysis of Algorithms and Complexity
Q-Index Code E1
Q-Index Status Confirmed Code

 
Versions
Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 0 times in Thomson Reuters Web of Science Article
Scopus Citation Count Cited 1 times in Scopus Article | Citations
Google Scholar Search Google Scholar
Created: Fri, 17 Apr 2009, 19:48:39 EST by Ms Kimberley Nunes on behalf of School of Information Technol and Elec Engineering