A Text Mining-Based Anomaly aZDetection Model in Network Security

Abstract

Anomaly detection systems are extensively used security tools to detect cyber-threats and attack activities in computer systems and networks In this paper we present Text Mining-Based Anomaly Detection TMAD model We discuss n-gram text categorization and focus our attention on a main contribution of method TF-IDF Term frequency inverse document frequency which enhance the performance commonly term weighting schemes are used where the weights reflect the importance of a word in a specific document of the considered collection Mahalanobis Distances Map MDM and Support Vector Machine SVM are used to discover hidden correlations between the features and among the packet payloads Experiments have been accomplished to estimate the performance of TMAD against ISCX dataset 2012 intrusion detection evaluation dataset The results show TMAD has good accuracy