Anomaly Intrusion Detection System Using Information Theory, K-NN and KMC Algorithms

The huge expans ion in the s ize of internet and the appearance of various types of malicious attack and the in s u ffic iency of traditional security tools like antivirus conduct to the development of intrus ion detection sys tems or IDS. Since current IDSs a re s ignature based they s til are unable to detect new forms of attacks even if these attacks are s lightly deriv e d from known ones . So, recent researches concentrate on developing new techniques, algorithms and IDSs that use inteligent methods . In this paper some anomaly detection engines have been propo s e d based on K-NN, K-Means Clus tering (KMC) algo rithms. Firs tly, by applying information theory measures , network connection features were ranked according t o t heir importance in detecting attack classes like DOS, R2L, U2R, and PROBE. This ranking s trongly helped in selecting only the mos t important fe a t u re s and by consequent decreasing dramaticaly the computation complexit y and eliminating the noise resultant of irrelevant features . Secondly, some anomaly Intrus ion Detection models approaches were propo s e d depending on features selection, k-NN a n d k-means clus tering. These approaches proved their efficiency, where the detection rate was more than 92% and was better than other approaches especialy in detecting dangerous attacks like R2L and U2R.