On-Line Intrusion Detection Model Based on Approximate Linear Dependent Condition with Linear Latent Feature Extraction

Most of the intrusion detection models (IDM) are constructed with off-line training data. Time-variance characteristic of the practical network system cannot be embodied in the off-line constructed IDM. On-line updating of the off-line IDM with the valued new samples is very necessary. In this paper, a new on-line instruction detection model based on approximate linear dependent (ALD) condition with linear latent feature extraction is proposed to address this problem. Specifically, the valued samples which can represent drift of the practical network are indentified with ALD and prior knowledge. Then, these selected samples are used to update the off-line IDM based on on-line latent feature extraction method and fast machine learning algorithm with sample-based updating strategy. Experiments based on KDD99 data are used to validate the proposed approach.