“…During the last decade, many machine learning and data mining techniques have been applied to IDSs, so that their performance was significantly improved as well as they could be constructed with low cost and effort. Particularly, unsupervised anomaly detection techniques (Eskin et al., 2002; Guan et al., 2003; Laskov et al., 2004; Leung & Leckie, 2005; Li et al., 2003; Oldmeadow et al., 2004; Portnoy et al., 2001; Song et al., 2008a; 2009; Wang & Megalooikonomou, 2005) have received remarkable attention, because they are able to construct intrusion detection models without using any labeled training data (i.e., with instances preclassified as being an attack or not) in an automated manner, and they also have intrinsic ability to detect 0-day attacks. Furthermore, considering labeled data or purely normal data cannot be obtained easily in practice, it is better to focus on applying unsupervised anomaly detection techniques to the construction of IDSs than supervised ones.…”

Jungsuk Song, Hiroki Takakura, Yasuo Okabe and Yongjin Kwon