With the development of the internet, the number of internet attacks has increased substantially. Internet attacks can mainly be classified into four major categories: (1) denial-of-service (DOS), e.g. Synchronize (SYN) flood; (2) unauthorized access from a remote machine (Remote-to-Local (R2L)), e.g. password guessing; (3) unauthorized access to local super user (root) privileges (User-to-Root (U2R)), e.g. various “buffer overflow” attacks; and (4) probing.
Different approaches have been proposed to detect these intrusions. Shuyuan Jin presented two statistical supervised learning approaches: a proposed threshold-based detection approach and a traditional decision tree approach in covariance feature space. Wei Wang uses Principal Component Analysis to reduce the dimensionality of the data vectors, and identification is handled in a low-dimensional space with high efficiency and low use of system resources. Normal behavior is profiled from normal data for anomaly detection, and a model of each type of attack is built from attack data for intrusion identification. These approaches usually perform better at detecting DOS and probing than at detecting R2L and U2R.
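The profile-then-detect idea described above, as an added example that is not code from the cited work: a profile is fitted on normal data only, each record is reduced to its coordinate along the first principal component, and a record is flagged when it lies far from that low-dimensional subspace. The feature names, the residual-distance score, the `margin` threshold rule and all sample values are assumptions made for illustration.

```python
import random

def profile_normal(rows, margin=1.5, iters=200):
    """Build a profile (mean, first principal component, threshold) from normal data only."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    cen = [[r[j] - mu[j] for j in range(d)] for r in rows]
    cov = [[sum(c[i] * c[j] for c in cen) / (n - 1) for j in range(d)] for i in range(d)]
    pc = [1.0] * d  # power iteration converges to the dominant eigenvector of cov
    for _ in range(iters):
        w = [sum(cov[i][j] * pc[j] for j in range(d)) for i in range(d)]
        norm = sum(x * x for x in w) ** 0.5
        pc = [x / norm for x in w]
    # Assumed threshold rule: margin times the largest residual seen in training.
    threshold = margin * max(residual(r, mu, pc) for r in rows)
    return mu, pc, threshold

def residual(x, mu, pc):
    """Distance from x to the 1-D principal subspace through mu."""
    c = [a - b for a, b in zip(x, mu)]
    t = sum(a * b for a, b in zip(c, pc))  # coordinate in the reduced space
    return sum((a - t * b) ** 2 for a, b in zip(c, pc)) ** 0.5

def is_anomalous(x, profile):
    mu, pc, threshold = profile
    return residual(x, mu, pc) > threshold

# Constructed sample data: [packets_sent, packets_received, syn_packets] per time window.
_rng = random.Random(7)
NORMAL = []
for _ in range(200):
    sent = _rng.uniform(50, 500)
    NORMAL.append([sent, 0.9 * sent + _rng.gauss(0, 5), 0.02 * sent + _rng.gauss(0, 1)])

PROFILE = profile_normal(NORMAL)
SYN_FLOOD_LIKE = [400.0, 20.0, 390.0]   # many SYNs, almost no replies (constructed)
QUIET_WINDOW = [120.0, 108.0, 2.4]      # ordinary-looking volumes (constructed)

if __name__ == "__main__":
    for name, row in [("syn_flood_like", SYN_FLOOD_LIKE), ("quiet_window", QUIET_WINDOW)]:
        print(name, round(residual(row, *PROFILE[:2]), 2), is_anomalous(row, PROFILE))
```

The SYN-flood-like window breaks the sent/received/SYN correlation learned from normal data and is flagged, while the constructed `QUIET_WINDOW` sits on the normal profile and is not; with these volume features, anything that does not distort traffic shape scores as normal.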