Internet Anomaly Detection with Weighted Fuzzy Matching over Frequent Episode Rules

2008 
Recent attacks have demonstrated that network intrusions have become a major threat to the Internet. Systems that detect Internet anomalies play a vital role in Internet security. To address this problem, a data-mining technique called frequent episode rules (FERs) has been introduced into anomaly detection systems (ADS). These episode rules are used to distinguish anomalous sequences of TCP, UDP, or ICMP connections from normal traffic episodes. Unfortunately, this technique depends so heavily on machine learning that it may produce false alarms if the results of machine learning do not cover all the normal traffic data. In this paper, we introduce a new approach for Internet anomaly detection with weighted fuzzy matching over frequent episode rules. We use a weighted fuzzy matching algorithm to match the rules, even though machine learning may not cover all the normal traffic. The results show that the proposed approach can improve the detection performance of an ADS compared with one in which only pure frequent episode rules are used.