Making large-scale support vector machine learning practical
Advances in kernel methods
Modeling Network Intrusion Detection System Using Feature Selection and Parameters Optimization
IEICE - Transactions on Information and Systems
Features selection for intrusion detection systems based on support vector machines
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
Survey and taxonomy of feature selection algorithms in intrusion detection system
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
An SVM-Based masquerade detection method with online update using co-occurrence matrix
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Building lightweight intrusion detection system based on random forest
ISNN'06 Proceedings of the Third international conference on Advances in Neural Networks - Volume Part III
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Fusions of GA and SVM for anomaly detection in intrusion detection system
ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
Quantitative intrusion intensity assessment for intrusion detection systems
Security and Communication Networks
This paper describes experiences and results applying Support Vector Machine (SVM) to a Computer Intrusion Detection (CID) dataset. This is the second stage of work with this dataset, emphasizing incorporation of anomaly detection in the modeling and prediction of cyber-attacks. The SVM method for classification is used as a benchmark method (from previous study [1]), and the anomaly detection approaches compare so-called "one class" SVMs with a thresholded Mahalanobis distance to define support regions. Results compare the performance of the methods, and investigate joint performance of classification and anomaly detection. The dataset used is the DARPA/KDD-99 publicly available dataset of features from network packets classified into non-attack and four attack categories.