Application of online-training SVMs for real-time intrusion detection with different considerations

Authors:
Zonghua Zhang;Hong Shen
Affiliations:
School of Information Science, Japan Advanced Institute of Science and Technology, 1-1, Asahidai, Nomi, Ishikawa 923-1292, Japan;School of Information Science, Japan Advanced Institute of Science and Technology, 1-1, Asahidai, Nomi, Ishikawa 923-1292, Japan
Venue:
Computer Communications
Year:
2005

Citing 19
Cited 11

A study of retrospective and on-line event detection

Proceedings of the 21st annual international ACM SIGIR conference on Research and development in information retrieval
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
Anomaly-based intrusion detection: privacy concerns and other problems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security
A Tutorial on Support Vector Machines for Pattern Recognition

Data Mining and Knowledge Discovery
Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection

IEEE Transactions on Computers
Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse

IEEE Transactions on Software Engineering
Detecting Concept Drift with Support Vector Machines

ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
Learning Program Behavior Profiles for Intrusion Detection

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
A System for new event detection

Proceedings of the 26th annual international ACM SIGIR conference on Research and development in informaion retrieval
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Estimating the Support of a High-Dimensional Distribution

Neural Computation
Intrusion detection using sequences of system calls

Journal of Computer Security
Robust support vector machine with bullet hole image classification

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
The analysis of decomposition methods for support vector machines

IEEE Transactions on Neural Networks

Integrating real-time analysis with the dendritic cell algorithm through segmentation

Proceedings of the 11th Annual conference on Genetic and evolutionary computation
A triangle area based nearest neighbors approach to intrusion detection

Pattern Recognition
Review: Intrusion detection by machine learning: A review

Expert Systems with Applications: An International Journal
Constructing attribute weights from computer audit data for effective intrusion detection

Journal of Systems and Software
An effective method of pruning support vector machine classifiers

IEEE Transactions on Neural Networks
Incremental SVM based on reserved set for network intrusion detection

Expert Systems with Applications: An International Journal
Mutual information-based feature selection for intrusion detection systems

Journal of Network and Computer Applications
A differentiated one-class classification method with applications to intrusion detection

Expert Systems with Applications: An International Journal
An SVM-Based masquerade detection method with online update using co-occurrence matrix

DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Online internet intrusion detection based on flow statistical characteristics

KSEM'11 Proceedings of the 5th international conference on Knowledge Science, Engineering and Management
On the detection of card-sharing traffic through wavelet analysis and Support Vector Machines

Applied Soft Computing

Quantified Score

Hi-index	0.25

Visualization

Abstract

As intrusion detection essentially can be formulated as a binary classification problem, it thus can be solved by an effective classification technique-Support Vector Machine (SVM). Additionally, some text processing techniques can also be employed for intrusion detection, based on the characterization of the frequencies of the system calls executed by the privileged programs. Based on the intersection of these two research domains, i.e. pattern recognition and text categorization, and breaking the strong traditional assumption that training data for intrusion detectors are readily available with high quality in batch, the conventional SVM, Robust SVM and one-class SVM have been modified respectively based on the idea from Online SVM in this paper, and their performances are compared with that of the original algorithms. After elaborate theoretical analysis, concrete experiments with 1998 DARPA BSM data set collected at MIT's Lincoln Labs are carried out. These experiments verify that the modified SVMs can be trained online and the results outperform the original ones with fewer support vectors (SVs) and less training time without decreasing detection accuracy. Both of these achievements could significantly benefit an effective online intrusion detection system.