A frequent problem in anomaly detection is deciding which of several feature sets to use. For example, network intrusion detection can draw on features based on packet headers, content byte streams or application-level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coefficients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-infinite linear program that can be solved with standard techniques. A single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on which feature sets to use.