Abstract: Misuse detection is the traditional technique used in Network Intrusion Detection Systems (NIDSs); it relies on matching the current behavior of the network against predefined attack signatures. This technique is effective at detecting the majority of known attacks, but fails to protect against unknown threats such as zero-day exploits. In addition, the increasing diversity and polymorphism of network attacks further obstruct signature modeling, so there is high demand for alternative detection techniques. Many researchers are still trying to solve the problem with new machine learning techniques such as supervised or unsupervised learning; however, producing a labeled dataset for supervised learning is difficult, and in unsupervised learning it is difficult to label the generated clusters as normal or abnormal. To overcome these issues, we propose a novel semi-supervised learning technique based on the standard deviation of normal behavior: we attempt to detect attacks by calculating their deviation from the normal cluster in observed data.


Keywords: Network Intrusion Detection, Anomaly detection, Semi-supervised learning, Standard Deviation.
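
The idea in the abstract, learning a profile from normal-only traffic and flagging observations by their deviation from it, can be sketched as follows. This is an added example, not the paper's algorithm or code. It assumes three constructed flow features, a per-feature z-score as the deviation measure, and a threshold of k = 3 standard deviations, none of which come from the paper.

```python
import statistics

# Constructed sample flows: (packets/s, mean packet size in bytes,
# distinct destination ports per minute). Feature choice is an assumption.
NORMAL = [
    (120, 540, 3), (135, 510, 4), (110, 560, 2), (128, 530, 3),
    (140, 500, 5), (115, 550, 3), (125, 520, 4), (130, 545, 3),
]
OBSERVED = [
    (122, 535, 3),   # resembles the normal cluster
    (131, 515, 4),   # resembles the normal cluster
    (130, 60, 400),  # tiny packets to many ports
    (900, 530, 3),   # packet rate far above the profile
]


class NormalProfile:
    """Centroid and per-feature standard deviation learned from normal-only rows."""

    def __init__(self, normal_rows, k=3.0):
        cols = list(zip(*normal_rows))
        self.mean = [statistics.fmean(c) for c in cols]
        # Floor the deviation so a constant feature cannot divide by zero.
        self.std = [max(statistics.pstdev(c), 1e-9) for c in cols]
        self.k = k  # assumed threshold, in standard deviations

    def zscores(self, row):
        """Distance of each feature from the centroid, in standard deviations."""
        return [abs(x - m) / s for x, m, s in zip(row, self.mean, self.std)]

    def is_anomalous(self, row):
        # One feature outside k standard deviations is enough to flag the row.
        return max(self.zscores(row)) > self.k


def flag(profile, rows):
    """Return indexes of rows that fall outside the normal cluster."""
    return [i for i, row in enumerate(rows) if profile.is_anomalous(row)]


if __name__ == "__main__":
    profile = NormalProfile(NORMAL)
    for i in flag(profile, OBSERVED):
        print(i, OBSERVED[i], [round(z, 1) for z in profile.zscores(OBSERVED[i])])
```

Only unlabeled-as-attack, known-normal rows are needed for training, which is what makes the approach semi-supervised; the threshold k trades false positives against missed detections and has to be tuned on the deployment's own traffic.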