ABSTRACT: This paper proposes a novel online adaptive network anomaly detection model (OANAD). A purely normal dataset is not needed for training. The model can process the network traffic data stream in real time, raise alerts on abnormal traffic, and dynamically build up its local normal pattern base and intrusion pattern base. Its relatively simple architecture makes it efficient for processing online network traffic data, and the detection algorithms cost little computational time. Experiments on the KDD 99 intrusion detection datasets show that the model achieves a detection rate of 90.51% and a false positive rate of only 0.19% within a very short running time.
Computational Sciences and Optimization, 2009. CSO 2009. International Joint Conference on; 05/2009