With the explosive growth of the Internet and the increased availability of tools for attacking networks, intrusion detection has become a critical component of network administration. Intrusion detection systems gather information from a computer or network of computers and attempt to detect intruders or system abuse [16]. Generally, an intrusion detection system will notify a human analyst of a possible intrusion and take no further action, but some newer systems take active steps to stop an intruder at the time of detection. There are two major intrusion detection techniques: misuse detection and anomaly detection. Misuse detection discovers attacks based on patterns extracted from known intrusions. Anomaly detection identifies attacks based on deviations from established profiles of normal activity; activities whose deviation exceeds a threshold are detected as attacks. Misuse detection has a low false positive rate, but cannot detect new types of attacks. Anomaly detection can detect unknown attacks, under the basic assumption that attacks deviate from normal behavior.
Intrusion Detection System (IDS), Anomaly Detection, Principal Component Analysis (PCA), Wavelet Analysis, Self-Organizing Map (SOM) and Machine Learning
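The trade-off between the two techniques described above, as an added example that is not from the original paper: a substring matcher stands in for misuse detection and a 3-sigma threshold on request rate stands in for anomaly detection. The signatures, training rates, events and function names are all constructed for illustration.

```python
import statistics

# Constructed signatures standing in for patterns extracted from known intrusions.
SIGNATURES = ["../../etc/passwd", "' OR '1'='1"]

# Constructed training data: requests per minute observed during normal activity.
NORMAL_RATES = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13]

# Constructed events; "attack" is the ground truth used to judge each detector.
EVENTS = [
    {"name": "normal browsing", "rate": 14, "payload": "GET /index.html", "attack": False},
    {"name": "known attack", "rate": 13, "payload": "GET /?f=../../etc/passwd", "attack": True},
    {"name": "novel attack", "rate": 240, "payload": "GET /login", "attack": True},
    {"name": "benign backup burst", "rate": 90, "payload": "GET /backup.tar", "attack": False},
]

def misuse_detect(event):
    """Misuse detection: flag only events whose payload matches a known signature."""
    return any(sig in event["payload"] for sig in SIGNATURES)

def build_profile(rates):
    """Profile of normal activity: mean and sample standard deviation of the rate."""
    return statistics.mean(rates), statistics.stdev(rates)

def anomaly_detect(event, profile, threshold=3.0):
    """Anomaly detection: flag events deviating from the profile by more than
    `threshold` standard deviations."""
    mean, std = profile
    return abs(event["rate"] - mean) / std > threshold

def evaluate(events=EVENTS):
    """Return {event name: (misuse_flag, anomaly_flag)} for every event."""
    profile = build_profile(NORMAL_RATES)
    return {e["name"]: (misuse_detect(e), anomaly_detect(e, profile)) for e in events}

if __name__ == "__main__":
    for e in EVENTS:
        misuse, anomaly = evaluate([e])[e["name"]]
        print(f"{e['name']:20s} attack={e['attack']!s:5s} misuse={misuse!s:5s} anomaly={anomaly}")
```

The novel attack is caught only by the anomaly detector, the benign backup burst is its false positive, and the known attack sent at a normal rate is caught only by the signature, which is the "attacks deviate from normal behavior" assumption failing.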