I. Introduction
The Internet has become rapidly widespread in recent years, while cyber attacks through the Internet has also increased. In order to defend our networks from cyber attacks, many security techniques have been studied, and an intrusion detection system (IDS) is one of such techniques. There are two types of IDSs, i.e., signature-based and anomaly-based IDSs. The former detects attacks by comparing raw traffic data with attack signatures given beforehand. They are widely used and show high performance to already-known attacks, but it is hard for them to detect unknown attacks for which there is no correspondent signature. On the other hand, anomaly-based IDSs can detect such unknown attacks by monitoring the fluctuation of access behavior in network traffic. In spite of such favorable property, there are two major problems in anomaly-based IDSs. One is that they show lower detection rate and higher false positive rate than signature-based ones. The other is that it is hard to prepare an appropriate learning dataset.