| This thesis employs SPOT (Stream Projected Outlier deTector) as a prototype system for anomaly-based intrusion detection and evaluates its performance against other major methods. SPOT is adopted to distinguish between normal processes and abnormal processes, and then applied to a UNIX System Call Dataset. SPOT has unique merit to deal with the following critical challenges: 1) Previous approaches to network intrusion detection have proved to be inflexible for novel attacks, and 2) most existing systems are unable to handle high dimensional data streams in real time. SPOT is designed to process high dimensional data streams and able to detect novel attacks which exhibit abnormal behaviour, making it a high-quality choice for this field. The main contribution of this thesis is that it shows that SPOT is effective on handling System Call Data as a dynamic data modelling method. |
