Anomaly Detection Techniques Based on Statistics.

Anomaly detection techniques can detect novel attacks. This paper proposed two approaches based on statistical techniques. One of them is based on a maximum entropy method, which first educes the distribution of user's normal behavior, then decides the discrimination limit. The other is based on Knearest neighbor (KNN) classifier. It is probabilistic but distribution-free. The preliminary experiments with 1999 DARPA tcpdump data show that both method can effectively detect intrusive attacks. In the end, a comprehensive comparison of these two methods was given. [ABSTRACT FROM AUTHOR]