A large amount of work has been done on the KDD 99 dataset, most of which uses a hybrid model in which anomaly detection and misuse detection run in parallel with each other. To further classify the intrusions, our approach to network intrusion detection uses two different anomaly detection models, followed by misuse detection applied to the combined output of the previous step. The end goal is to verify the anomalies detected by the anomaly detection algorithm and to clarify whether they are actual intrusions or random outliers from the normal behaviour learned in training, and thus to try to reduce the number of false positives. We aim to detect a pattern in the novel intrusion technique itself, not to address the handling of such intrusions. The intrusions were detected with a very high degree of accuracy.