Abstract

Pattern recognition is the discipline studying the design and operation of systems capable to recognize patterns with specific properties in data sources. Intrusion detection, on the other hand, is in charge of identifying anomalous activities by analyzing a data source, be it the logs of an operating system or in the network traffic. It is easy to find similarities between such research fields, and it is straightforward to think of a way to combine them. As to the descriptions above, we can imagine an Intrusion Detection System (IDS) using techniques proper of the pattern recognition field in order to discover an attack pattern within the network traffic. What we propose in this work is such a system, which exploits the results of research in the field of data mining, in order to discover potential attacks. The paper also presents some experimental results dealing with performance of our system in a real-world operational scenario.