High-order markov kernels for network intrusion detection

Authors:
Shengfeng Tian;Chuanhuan Yin;Shaomin Mu
Affiliations:
School of Computer and Information Technology, Beijing Jiaotong University, Beijing, P.R. China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing, P.R. China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing, P.R. China
Venue:
ICONIP'06 Proceedings of the 13th international conference on Neural information processing - Volume Part III
Year:
2006

Citing 5
Cited 0

An introduction to support Vector Machines: and other kernel-based learning methods

An introduction to support Vector Machines: and other kernel-based learning methods
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Text classification using string kernels

The Journal of Machine Learning Research
Intrusion detection using sequences of system calls

Journal of Computer Security
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Quantified Score

Hi-index	0.01

Visualization

Abstract

In intrusion detection systems, sequences of system calls executed by running programs can be used as evidence to detect anomalies. Markov chain is often adopted as the model in the detection systems, in which high-order Markov chain model is well suited for the detection, but as the order of the chain increases, the number of parameters of the model increases exponentially and rapidly becomes too large to be estimated efficiently. In this paper, oneclass support vector machines (SVMs) using high-order Markov kernel are adopted as the anomaly detectors. This approach solves the problem of high dimension parameter space. Experiments show that this system can produce good detection performance with low computational overhead.