Edinburgh Napier University

  The popularity of using internet contains some risks of network attacks. It has attracted the attention of many researchers to overcome this problem. One of the effective ways that plays an important role to achieve higher security and protect networks against attacks is the use of intrusion detection systems. Intrusion detection systems are defined as security techniques that tend to detect individuals who are trying to sneak into a system without authorization. However, one technical challenge in intrusion detection systems is high rate of false positive alarms which affect their performance. To solve this problem, we propose an effective method, which can accurately find the correlation between network records. In this work, we compare the results using a linear measure and a nonlinear measure based on correlation coefficient and mutual information. Experiments on KDD Cup 99 data set show that our proposed method using the nonlinear correlation measure can not only reduce the rate of false alarms but also efficiently distinguish normal and abnormal behaviors, and provide higher detection and accuracy rate then using the linear correlation measure.