Intrusion Detection systems (IDSs) have previously been built by hand. These systems have difficulty successfully classifying intruders, and require a significant amount of computational overhead making it difficult to create robust real-time IDS systems. Artificial Intelligence techniques can reduce the human effort required to build these systems and can improve their performance. Learning and induction are used to improve the performance of search problems, while clustering has been used for data analysis and reduction. AI has recently been used in Intrusion Detection (ID) for anomaly detection, data reduction and induction, or discovery, of rules explaining audit data. We survey uses of artificial intelligence methods in ID, and present an example using feature selection to improve the classification of network connections. The network connection classification problem is related to ID since intruders can create "private" communications services undetectable by normal means. We als...

This paper proposes a framework for deriving users' profiles of typical behaviour and detecting atypical transactions which may constitute fraudulent events or simply a change in user's behaviour. The anomaly detection problem is presented and previous attempts to address it are discussed. The proposed approach proves that individual users profiles can be constructed and provides an algorithm that derives users' profiles and an algorithm to identify atypical transactions. Lower and upper bounds for the number of misclassifications are also provided. An evaluation of this approach is discussed and some issues for further research are outlined. 1