In intrusion detection systems, sequences of system calls executed by running programs can be used as evidence to detect anomalies. Markov chains are often adopted as the model in such detection systems. A high-order Markov chain model is well suited to the detection task, but as the order of the chain increases, the number of model parameters grows exponentially and rapidly becomes too large to be estimated efficiently. In this paper, one-class support vector machines (SVMs) using high-order Markov kernels are adopted as the anomaly detectors. This approach solves the problem of the high-dimensional parameter space. Furthermore, a fast algorithm based on a suffix tree is presented for computing Markov kernels in linear time. Experimental results show that the SVM with Markov kernels can produce good detection performance with low computational cost.
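An added example, not code from the paper: a sketch of why a kernel over observed transitions avoids estimating the full high-order parameter table. The kernel form used here (normalized inner product of order-k transition counts), the function names and the traces are assumptions constructed for illustration; it uses hash maps rather than the suffix-tree algorithm the abstract mentions.

```python
from collections import Counter
from math import sqrt

def transition_counts(trace, order):
    """Sparse counts of (context of `order` calls, next call) seen in a trace."""
    counts = Counter()
    for i in range(len(trace) - order):
        context = tuple(trace[i:i + order])
        counts[(context, trace[i + order])] += 1
    return counts

def markov_kernel(trace_a, trace_b, order):
    """Assumed kernel: cosine similarity of the two transition-count vectors.

    Only transitions that actually occur are stored, so the cost depends on
    trace length, not on the size of the full transition table.
    """
    ca = transition_counts(trace_a, order)
    cb = transition_counts(trace_b, order)
    dot = sum(n * cb[key] for key, n in ca.items())
    norm_a = sqrt(sum(n * n for n in ca.values()))
    norm_b = sqrt(sum(n * n for n in cb.values()))
    if norm_a == 0 or norm_b == 0:
        return 0.0  # trace shorter than order + 1: no transitions observed
    return dot / (norm_a * norm_b)

def full_model_size(alphabet_size, order):
    """Free parameters of an explicit order-k Markov chain over the alphabet."""
    return alphabet_size ** order * (alphabet_size - 1)

# Constructed sample traces (not real audit data).
TRACE_A = ["open", "read", "mmap", "read", "close"] * 4   # baseline behaviour
TRACE_B = TRACE_A[:15]                                    # same behaviour, shorter run
TRACE_C = ["open", "read", "execve", "socket",
           "connect", "write", "close"] * 3               # deviating behaviour

if __name__ == "__main__":
    order = 2
    print("observed transitions in A:", len(transition_counts(TRACE_A, order)))
    print("explicit table, 4 calls, order 2:", full_model_size(4, order))
    print("explicit table, 200 calls, order 5:", full_model_size(200, 5))
    print("K(A, B) =", round(markov_kernel(TRACE_A, TRACE_B, order), 4))
    print("K(A, C) =", round(markov_kernel(TRACE_A, TRACE_C, order), 4))
```

A Gram matrix built from such pairwise kernel values is what a one-class SVM with a precomputed kernel would be trained on.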