Automatic feature selection for anomaly detection

Authors:
Marius Kloft;Ulf Brefeld;Patrick Düessel;Christian Gehl;Pavel Laskov
Affiliations:
TU Berlin, Berlin, Germany;TU Berlin, Berlin, Germany;Fraunhofer Institute FIRST, Berlin, Germany;Fraunhofer Institute FIRST, Berlin, Germany;Fraunhofer Institute FIRST, Berlin, Germany
Venue:
Proceedings of the 1st ACM workshop on Workshop on AISec
Year:
2008

Citing 15
Cited 2

A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Learning nonstationary models of normal network traffic for detecting novel attacks

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
An introduction to variable and feature selection

The Journal of Machine Learning Research
Sufficient dimensionality reduction

The Journal of Machine Learning Research
Learning Rules for Anomaly Detection of Hostile Network Traffic

ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Support Vector Data Description

Machine Learning
Multiple kernel learning, conic duality, and the SMO algorithm

ICML '04 Proceedings of the twenty-first international conference on Machine learning
binpac: a yacc for writing application protocol parsers

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Feature Subset Selection and Ranking for Data Dimensionality Reduction

IEEE Transactions on Pattern Analysis and Machine Intelligence
Large Scale Multiple Kernel Learning

The Journal of Machine Learning Research
Multiclass multiple kernel learning

Proceedings of the 24th international conference on Machine learning
DRFE: dynamic recursive feature elimination for gene identification based on random forest

ICONIP'06 Proceedings of the 13th international conference on Neural information processing - Volume Part III
Detecting unknown network attacks using language models

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Anagram: a content anomaly detector resistant to mimicry attack

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Anomaly detection in wireless sensor networks: A survey

Journal of Network and Computer Applications
A layered detection method for malware identification

NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coefficients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-infinite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.