The nature of statistical learning theory
The nature of statistical learning theory
Pairwise classification and support vector machines
Advances in kernel methods
An introduction to support Vector Machines: and other kernel-based learning methods
An introduction to support Vector Machines: and other kernel-based learning methods
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Proximal support vector machine classifiers
Proceedings of the seventh ACM SIGKDD international conference on Knowledge discovery and data mining
Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint
Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint
A Tutorial on Support Vector Machines for Pattern Recognition
Data Mining and Knowledge Discovery
Winning the KDD99 classification cup: bagged boosting
ACM SIGKDD Explorations Newsletter
A data mining framework for constructing features and models for intrusion detection systems (computer security, network security)
An anomaly intrusion detection method using the CSI-KNN algorithm
Proceedings of the 2008 ACM symposium on Applied computing
The use of artificial intelligence based techniques for intrusion detection: a review
Artificial Intelligence Review
Minimal complexity attack classification intrusion detection system
Applied Soft Computing
The use of artificial-intelligence-based ensembles for intrusion detection: a review
Applied Computational Intelligence and Soft Computing
| Hi-index | 0.00 |
We introduced a three-tier architecture of intrusion detection system which consists of a blacklist, a whitelist and a multi-class support vector machine classifier. The first tier is the blacklist that will filter out the known attacks from the traffic and the whitelist identifies the normal traffics. The rest traffics, the anomalies detected by the whitelist, were then be classified by a multi-class SVM classifier into four categories: PROBE, DoS, R2L and U2R. Many data mining and machine learning techniques were applied here. We design this three-tier IDS based on the KDD'99 benchmark dataset. Our system has 94.71% intrusion detection rate and 93.52% diagnosis rate. The averag cost for each connection is 0.1781. All of these results are better than those of KDD'99 winner's. Our three-tier architecture design also provides the flexibility for the practical usage. The network system administrator can add the new patterns into the blacklist and allows to do fine tuning of the whitelist according to the environment of their network system and security policy.