A Network Anomaly Detection Method Based on Transduction Scheme
基于直推式方法的网络异常检测方法

Network anomaly detection has been an active and difficult research topic in the field of intrusion detection for many years. Up to now,high false alarm rate,requirement of high quality data for modeling the normal patterns and the deterioration of detection rate because of some "noisy" data in the training set still make it not perform as well as expected in practice. This paper presents a novel network anomaly detection method based on improved TCM-KNN (transductive confidence machines for K-nearest neighbors) machine learning algorithm,which can effectively detect anomalies using normal data for training. A series of experiments on well known KDD Cup 1999 dataset demonstrate that it has lower false positive rate,especially higher confidence under the condition of ensuring high detection rate than the traditional anomaly detection methods. In addition,even provided with training dataset contaminated by "noisy" data,the proposed method still holds good detection performance. Furthermore,it can be optimized without obvious loss of detection performance by adopting small dataset for training and employing feature selection aiming at avoiding the "curse of dimensionality".