Because intrusion detection can essentially be formulated as a binary classification problem, it can be solved with an effective classification technique, the Support Vector Machine (SVM). Text processing techniques can also be applied to intrusion detection by characterizing the frequencies of the system calls executed by privileged programs. Working at the intersection of these two research domains, pattern recognition and text categorization, and dropping the strong traditional assumption that high-quality training data for intrusion detectors is readily available in batch, this paper modifies the conventional SVM, Robust SVM and one-class SVM using ideas from Online SVM, and compares their performance with that of the original algorithms. After theoretical analysis, experiments are carried out on the 1998 DARPA BSM data set collected at MIT's Lincoln Labs. These experiments verify that the modified SVMs can be trained online and that they outperform the original ones, using fewer support vectors (SVs) and less training time without decreasing detection accuracy. Both achievements could significantly benefit an effective online intrusion detection system.
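An added example, not code from the paper: system-call traces are turned into term-frequency vectors, as in text categorization, and fed one at a time to a linear hinge-loss learner. The passive-aggressive (PA-I) update is a stand-in for the paper's modified SVMs, which the abstract does not specify; the vocabulary, traces, labels and `C` value are constructed assumptions.

```python
from collections import Counter

# Assumed fixed vocabulary; a real system would derive it from its audit data.
VOCAB = ["open", "read", "write", "close", "stat", "execve", "setuid", "chmod"]

def featurize(trace):
    """Relative frequency of each known system call (term-frequency features)."""
    counts = Counter(c for c in trace if c in VOCAB)
    total = sum(counts.values())
    return [counts[c] / total if total else 0.0 for c in VOCAB]

class OnlineLinearClassifier:
    """PA-I hinge-loss learner: one update per arriving sample, no batch retraining."""
    def __init__(self, dim, C=10.0):
        self.w, self.C, self.updates = [0.0] * dim, C, 0

    def score(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x))

    def predict(self, x):
        return 1 if self.score(x) > 0 else -1  # +1 = intrusion, -1 = normal

    def partial_fit(self, x, y):
        loss = max(0.0, 1.0 - y * self.score(x))
        norm2 = sum(xi * xi for xi in x)
        if loss == 0.0 or norm2 == 0.0:
            return  # margin already satisfied, or trace had no known calls
        tau = min(self.C, loss / norm2)  # step size capped by C
        self.w = [wi + tau * y * xi for wi, xi in zip(self.w, x)]
        self.updates += 1  # samples that changed the model

# Constructed labelled traces, in arrival order.
STREAM = [
    (["open", "read", "read", "close"], -1),
    (["execve", "setuid", "chmod", "execve"], 1),
    (["open", "read", "write", "close"], -1),
    (["open", "setuid", "execve", "chmod"], 1),
    (["open", "write", "write", "close"], -1),
    (["execve", "execve", "setuid", "close"], 1),
    (["stat", "open", "read", "close"], -1),
]

def train_online(stream):
    clf = OnlineLinearClassifier(len(VOCAB))
    for trace, label in stream:
        clf.partial_fit(featurize(trace), label)
    return clf

if __name__ == "__main__":
    clf = train_online(STREAM)
    print(clf.updates, clf.predict(featurize(["setuid", "execve", "chmod", "open"])))
```

A trace made up entirely of calls outside the vocabulary maps to the zero vector and is scored as normal, so vocabulary coverage matters as much as the learner.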