High-order Markov kernels for intrusion detection

Authors:
Chuanhuan Yin;Shengfeng Tian;Shaomin Mu
Affiliations:
School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, PR China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, PR China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, PR China and School of Information Science and Engineering, Shandong Agricultural University, Taian 2710 ...
Venue:
Neurocomputing
Year:
2008

Citing 6
Cited 3

An introduction to support Vector Machines: and other kernel-based learning methods

An introduction to support Vector Machines: and other kernel-based learning methods
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Text classification using string kernels

The Journal of Machine Learning Research
Intrusion detection using sequences of system calls

Journal of Computer Security
Efficient computations of gapped string kernels based on suffix kernel

Neurocomputing
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Manifold Mapping Machine

Neurocomputing
Selecting training points for one-class support vector machines

Pattern Recognition Letters
Effects-based feature identification for network intrusion detection

Neurocomputing

Quantified Score

Hi-index	0.01

Visualization

Abstract

In intrusion detection systems, sequences of system calls executed by running programs can be used as evidence to detect anomalies. Markov chain is often adopted as the model in the detection systems, in which high-order Markov chain model is well suited for the detection, but as the order of the chain increases, the number of parameters of the model increases exponentially and rapidly becomes too large to be estimated efficiently. In this paper, one-class support vector machines (SVMs) using high-order Markov kernels are adopted as the anomaly detectors. This approach solves the problem of high-dimension parameter space. Furthermore, a rapid algorithm based on suffix tree is presented for the computation of Markov kernels in linear time. Experimental results show that the SVM with Markov kernels can produce good detection performance with low computational cost.