A differentiated one-class classification method with applications to intrusion detection

Authors:
Inho Kang;Myong K. Jeong;Dongjoon Kong
Affiliations:
Dongdaemun-ku, Korea Institute for Defense Analysis (KIDA), Seoul 130-650, Korea;Department of Industrial and Systems Engineering & RUTCOR, Rutgers University, Piscataway, NJ 08854, United States;Department of Industrial and Information Engineering, University of Tennessee, Knoxville, TN 37996, United States
Venue:
Expert Systems with Applications: An International Journal
Year:
2012

Citing 9
Cited 1

Specification-based anomaly detection: a new approach for detecting network intrusions

Proceedings of the 9th ACM conference on Computer and communications security
Support Vector Data Description

Machine Learning
Application of SVM and ANN for intrusion detection

Computers and Operations Research
A clustering-based method for unsupervised intrusion detections

Pattern Recognition Letters
Factor-analysis based anomaly detection and clustering

Decision Support Systems
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Application of online-training SVMs for real-time intrusion detection with different considerations

Computer Communications
A sense of self for Unix processes

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
A supervised clustering and classification algorithm for mining data with mixed variables

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Density weighted support vector data description

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	12.05

Visualization

Abstract

Intrusion detection has become an indispensable tool to keep information systems safe and reliable. Most existing anomaly intrusion detection techniques treat all types of attacks as equally important without any differentiation of the risk they pose to the information system. Although detection of all intrusions is important, certain types of attacks are more harmful than others and their detection is critical to protection of the system. This paper proposes a new one-class classification method with differentiated anomalies to enhance intrusion detection performance for harmful attacks. We also propose new extracted features for host-based intrusion detection based on three viewpoints of system activity such as dimension, structure, and contents. Experiments with simulated dataset and the DARPA 1998 BSM dataset show that our differentiated intrusion detection method performs better than existing techniques in detecting specific type of attacks. The proposed method would benefit even other applications in anomaly detection area beyond intrusion detection.