Abstract

Static security mechanisms such as firewalls can provide a reasonable level of security, but dynamic mechanisms like Intrusion Detection Systems (IDSs) should also be used. Different intrusion detection techniques can be employed to search for attack patterns in the observed data. Misuse detection and anomaly detection are the most commonly used techniques. But they have their own disadvantages. To overcome those issues, hybrid methods are used. Hybrid classifiers are able to provide improved accuracy, but have a complex structure and high computational cost. Hence a new hybrid learning method, that integrates k-means clustering and naïve bayes classification, has been introduced. A relation between the distances from each data sample to a number of centroids found by a clustering algorithm is introduced. This is used to form new features, based on the features of the original data set. These distance sum-based features are then used for classifier training and detection.