**5. Issues and challenges in anomaly-based intrusion detection systems**

Although many methods and systems have been developed by the research community, there are still a number of open research issues and challenges. Some of the research issues and challenges of AIDS are as follows:

i. A network anomaly-based IDS should reduce the false alarm rate. But, totally mitigating the false alarm is not possible. Developing an intrusion detection system independent of the environment is another challenge task for the network anomaly-based intrusion detection system development community [9–13].

*fi*

**7.1 Assumptions**

treated as "*STVS*."

*v*1*; fi*

connected with "*val fj*

<sup>∈</sup> *fi*

*val fi*

**43**

Let *f* 1*; f* 2*; f* 3*; :*……*fn*∀*fi* ¼ *fi*

*T* ¼ *t*1*; t*2*; t*3*; :*……*tn*∀*ti* ¼ *val f* <sup>1</sup>

In the description above in Eq. 2, *val fi*

value of the feature. The two features "*val fi*

*vm*

" if and only if *val fi*

**Step 1:** The edge weight between the features *val f* <sup>1</sup>

*w val f* <sup>1</sup>

set of feature categorical values can be measured as:

*E* ¼ *tvsi; valj*

prerogative values are measured.

 \$ *val f* <sup>2</sup> <sup>¼</sup> *ctvs*

**Step 3.1:** Consider matrix u, which denotes pivot initial value as 1.

**Step 2:** The edge weight between transaction value sets and its corresponding

**Step 3:** Further assuming the transaction value sets of the given duplex graph as pivots and the feature categorical values as pure prerogatives, the pivot and

*v*2*;* ……*; fi*

**7.2 Algorithm for FAIS technique**

scope.

*Anomaly-Based Intrusion Detection System DOI: http://dx.doi.org/10.5772/intechopen.82287*

ð Þ *Ak* can be considered as optimal toward assessing the scale of intrusion

It is imperative from the implementation of the above procedure that optimal features of a specific attack *Ak* can be identified. Further, the optimal features are ordered using the canonical correlation values. The values with lower than threshold are considered as optional set of features. Reducing the features leads to lesser computational complexities to the minimal level. The optimal features shall be used

The approach for measuring the proposed feature association support ð Þ *fas* metric considers the network transaction of the training dataset. The feature categorical values used in the network transactions are in the form of two independent sets.

*v*2*; :*………*; fi*

gg

tures values used for forming the set of network transactions *T*. Here *T* is a set of

Categorical values of the set of features related to every network transaction shall be considered as transaction value set *tvs* and all transaction value sets are

*, val f* <sup>2</sup>

be the set of categorical fea-

*vm*

can be expressed as

" and "*val fj*

: *valj* ∈*tvsi; tvsi* ∈ *STVS; valj* ∈ *v* (4)

 *; val fj* <sup>∈</sup>*tvsk*.

. The term "feature" refers to the current categorical

," "*val fi*

and *val f* <sup>2</sup>

<sup>∣</sup>*STVS*<sup>∣</sup> (3)

*, val fi*þ<sup>1</sup>

*,* ……*val f <sup>n</sup>*

" are

is estimated as:

(2)

*, ::*…*val fi*

for further assessing the impact scale intrusion of type *Ak*.

These values are used to develop a duplex graph between them.

network transaction records of the given training set such as:

*v*1*; fi*

**7. Feature association impact scale (FAIS)**

