Application of Local Outlier Factor Algorithm to Detect Anomalies in Computer Network

  • Juozas Auskalnis Kauno technologijos universitetas
  • Nerijus Paulauskas
  • Algirdas Baskys
Keywords: Intrusion detection, Anomaly detection, Local outlier factor.


Gap between the new attack appearance and signature creation for this attack may be critical. During this time, many computer systems may be affected and valuable resources may be lost. Even after signature creation, many computer systems still stay vulnerable because of bad security practice, i.e. patches and updates are not installed as needed. Therefore, anomaly intrusion detection system (IDS) that is capable to detect new unknown attacks is valuable security tool. This paper analyses the use of Local Outlier Factor (LOF) to detect anomalies in the computer network. The application of the LOF algorithm for the detection of anomalies when only normal network data are used for the model training has been demonstrated. Experimental results of different threshold values influence on the anomaly detection accuracy using NSL-KDD dataset is presented.