
Research On Intrusion Detection Techniques Based On Machine Learning And Data Mining Methods

Posted on: 2006-11-22
Degree: Master
Type: Thesis
Country: China
Candidate: G Xiang
Full Text: PDF
GTID: 2168360155958070
Subject: Computer application technology

Abstract/Summary:
The task of an intrusion detection system (IDS) is to monitor the running of the network according to some pre-specified policy and try to find intrusive activities so as to protect the confidentiality, integrity and availability of the network resources.

From the perspective of the triggering mechanism, intrusion detection can be categorized into anomaly detection and misuse detection. The former detects intrusions by checking the deviation of current activities from established normal profiles; the latter identifies attacks by the degree to which current network activities match the signatures of known intrusions. For anomaly detection, the biggest shortcoming is a substantial false alarm rate. For misuse detection, the main drawback is an inherent inability to detect unknown intrusions.

An IDS tends to raise a huge volume of alerts while running, a large part of which are false alerts. This not only greatly increases the workload of post-detection analysis and decision-making, but also makes the identification of intrusions more difficult. For multi-stage distributed network intrusions (such as DDoS), the situation is even more severe, since true intrusions tend to be overwhelmed by the large number of alerts.

To address these problems, we first propose an intrusion detection method based on the Maximum Entropy (ME) model. The ME model, a flexible probability estimation method, offers a compact and accommodating framework for incorporating diverse evidence. It also has the appealing characteristic of best fitting the available data while assuming nothing about the unknown. Extensive experiments conducted on the UCI KDD benchmark dataset showed that our intrusion detection approach was comparable to SVM, and better than C4.5 and the naive Bayes classifier. In addition, our approach achieved high detection performance over all datasets and thus demonstrated the potential to be a promising detection technique.
Keywords/Search Tags: Machine learning, data mining, alert correlation