Distance-based Classification using Average Matching Degree and its Application to Intrusion Detection Systems

Abstract

Network security becomes an extraordinary important issue since various attacks are launched frequently with increased usage of computers and networks in many fields. Therefore, many techniques for intrusion detection have been studied in order to build a secure Internet atmosphere. One of them, that is, the rule-based classification methods usually rank the rules in order of precedence to build the classifier for different classes. When a new data comes and matches with rules, the most confident rule is usually used for the class label of the data. However, simply matching with the most confidence rule leads to lower classification accuracy. In addition, the domain knowledge should be clear and its explicit analysis is necessary in such methods. Therefore, in this paper, the average matching degree is calculated by matching data with rules, i.e., normal rules and misuse intrusion rules in a two dimensional space in order to form more realistic classification model. In this paper, a rule-based classification method using the average matching degree and distance concept has been proposed for classifying unknown network connections into normal, misuse intrusion or anomaly intrusion, where the model uses the distance between a data and rules in the average matching degree space. The benchmark data KDD Cup 1999 and NSL-KDD are used to evaluate the performance of the proposed method.