Sequence-similarity kernels for SVMs to detect anomalies in system calls

Authors:
Shengfeng Tian;Shaomin Mu;Chuanhuan Yin
Affiliations:
School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, PR China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, PR China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, PR China
Venue:
Neurocomputing
Year:
2007

Citing 11
Cited 2

The nature of statistical learning theory

The nature of statistical learning theory
A fast bit-vector algorithm for approximate string matching based on dynamic programming

Journal of the ACM (JACM)
An introduction to support Vector Machines: and other kernel-based learning methods

An introduction to support Vector Machines: and other kernel-based learning methods
A guided tour to approximate string matching

ACM Computing Surveys (CSUR)
Fast Multipattern Search Algorithms for Intrusion Detection

SPIRE '00 Proceedings of the Seventh International Symposium on String Processing Information Retrieval (SPIRE'00)
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Text classification using string kernels

The Journal of Machine Learning Research
Word sequence kernels

The Journal of Machine Learning Research
Profile-Based String Kernels for Remote Homology Detection and Motif Extraction

CSB '04 Proceedings of the 2004 IEEE Computational Systems Bioinformatics Conference
Efficient Computation of Gapped Substring Kernels on Large Alphabets

The Journal of Machine Learning Research
Intrusion detection using sequences of system calls

Journal of Computer Security

Combination of generative models and SVM based classifier for speech emotion recognition

IJCNN'09 Proceedings of the 2009 international joint conference on Neural Networks
Towards adjusting mobile devices to user's behaviour

MSM'10/MUSE'10 Proceedings of the 2010 international conference on Analysis of social media and ubiquitous data

Quantified Score

Hi-index	0.01

Visualization

Abstract

In intrusion detection systems (IDSs), short sequences of system calls executed by running programs can be used as evidence to detect anomalies. In this paper, one-class support vector machines (SVMs) using sequence-similarity kernels are adopted as the anomaly detectors. Edit distance-based kernel and common subsequence-based kernel are proposed to utilize the sequence information in the detection. Algorithms for efficient computation of the kernels are derived with the techniques of dynamic programming and bit-parallelism. The experimental results indicate that the proposed kernels can significantly outperform the standard RBF kernel.