Incremental SVM based on reserved set for network intrusion detection
Expert Systems with Applications: An International Journal
Incremental behavior modeling and suspicious activity detection
Pattern Recognition
| Hi-index | 0.00 |
This paper proposed a new anomaly detection algorithm that can update normal profile of system usage pattern dynamically. The feature used to model system’s usage pattern was program behavior. When system usage pattern changed, new program behaviors will be inserted into old profiles by density-based incremental clustering. Compared to traditional re-clustering updating, it is much more efficiently. Experiments with 1998 DARPA BSM audit data, shows that normal profiles generated by our algorithm is less sensitive to noise data objects than profile generated by analogous incremental algorithm ADWICE. So our algorithm shows an incremental detection quality and a much lower false alarm rate.