A fuzzy measure for intrusion and anomaly detection

Abstract

Finding intrusion and anomalies in networks is a problem of wide research interest both from academia and software industry. This work has three contributions. The first contribution is a dissimilarity measure for intrusion detection. The dissimilarity measure is also applied to achieve evolutionary clustering and dimensionality reduction of system calls. Earlier works in evolutionary clustering used basic Gaussian membership function to incrementally cluster by randomly assuming the initial deviation. This work aims at achieving evolutionary clustering by defining the expression to choose, initial deviation by eliminating the need to assume the standard deviation. Finally classification may also be performed using the proposed dissimilarity measure.