Intrusion detection has become an indispensable tool for keeping information systems safe and reliable. Most existing anomaly intrusion detection techniques treat all types of attacks as equally important, without differentiating the risk they pose to the information system. Although detection of all intrusions is important, certain types of attacks are more harmful than others, and their detection is critical to the protection of the system. This paper proposes a new one-class classification method with differentiated anomalies to enhance intrusion detection performance for harmful attacks. We also propose new extracted features for host-based intrusion detection based on three viewpoints of system activity: dimension, structure, and contents. Experiments with a simulated dataset and the DARPA 1998 BSM dataset show that our differentiated intrusion detection method performs better than existing techniques in detecting specific types of attacks. The proposed method would also benefit other applications in the anomaly detection area beyond intrusion detection.