STUDY SPACE
A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection

A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection

| Aleksandar Lazarevic*, Levent Ertoz*, Aysel Ozgur*, Vipin Kumar*, Jaideep Srivastava*
This paper presents a comparative study of various anomaly detection schemes for identifying network intrusions. The study evaluates both supervised and unsupervised methods on the DARPA 1998 dataset and real network data using standard evaluation techniques and specific metrics suitable for detecting attacks involving a large number of connections. The experimental results indicate that some anomaly detection schemes, particularly the Local Outlier Factor (LOF) approach, show promising performance in detecting novel intrusions in both datasets. The LOF approach outperforms other methods in detecting bursty attacks and single-connection attacks, with high detection rates and low false alarm rates. The paper also discusses the limitations of the Mahalanobis-based approach and suggests improvements, such as partitioning normal behavior into multiple distributions. Additionally, the LOF approach is shown to be effective in detecting novel intrusions on real network data, including attacks that were not detected by state-of-the-art systems like SNORT. The study concludes with recommendations for future research, emphasizing the need for developing more efficient anomaly detection algorithms and combining them with existing intrusion detection systems to enhance overall security.This paper presents a comparative study of various anomaly detection schemes for identifying network intrusions. The study evaluates both supervised and unsupervised methods on the DARPA 1998 dataset and real network data using standard evaluation techniques and specific metrics suitable for detecting attacks involving a large number of connections. The experimental results indicate that some anomaly detection schemes, particularly the Local Outlier Factor (LOF) approach, show promising performance in detecting novel intrusions in both datasets. The LOF approach outperforms other methods in detecting bursty attacks and single-connection attacks, with high detection rates and low false alarm rates. The paper also discusses the limitations of the Mahalanobis-based approach and suggests improvements, such as partitioning normal behavior into multiple distributions. Additionally, the LOF approach is shown to be effective in detecting novel intrusions on real network data, including attacks that were not detected by state-of-the-art systems like SNORT. The study concludes with recommendations for future research, emphasizing the need for developing more efficient anomaly detection algorithms and combining them with existing intrusion detection systems to enhance overall security.
Terms of Service
Privacy Policy
Reach us at info@study.space