nach oben

Erschienen in:

2016 | OriginalPaper | Buchkapitel

An Anomaly Detection Model for Network Intrusions Using One-Class SVM and Scaling Strategy

verfasst von : Ming Zhang, Boyi Xu, Dongxia Wang

Erschienen in: Collaborative Computing: Networking, Applications, and Worksharing

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Intrusion detection acts as an effective countermeasure to solve the network security problems. Support Vector Machine (SVM) is one of the widely used intrusion detection techniques. However, the commonly used two-class SVM algorithms are facing difficulties of constructing the training dataset. That is because in many real application scenarios, normal connection records are easy to be obtained, but attack records are not so. We propose an anomaly detection model for network intrusions by using one-class SVM and scaling strategy. The one-class SVM adopts only normal network connection records as the training dataset. The scaling strategy guarantees that the variability of feature values can reflect their importance, thus improving the detection accuracy significantly. Experimental results on KDDCUP99 dataset show that compared to Probabilistic Neural Network (PNN) and C-SVM, our one-class SVM based model achieves higher detection rates and yields average better performance in terms of precision, recall and F-value.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Towards Secure Distributed Hash Table

Nächstes Kapitel Layered Consistency Management for Advanced Collaborative Compound Document Authoring

Symantec Enterprise.: Internet Security Threat Report 2014. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf. accessed 15 April 2015

Cenzic.: Application Vulnerability Trends Report 2014. http://www.cenzic.com/downloads/Cenzic_Vulnerability_Report_2014.pdf. accessed 15 April 2015

Anderson, J.P.: Computer security threat monitoring and surveillance. vol. 17. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania (1980)

Axelsson, S.: Intrusion detection systems: A survey and taxonomy. vol. 99. Technical report, 2000

Kruegel, C., Tóth, T.: Using decision trees to improve signature-based intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 173–191. Springer, Heidelberg (2003)CrossRef

Patcha, A., Park, J.-M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007)CrossRef

Li, Y., Li, W., Wu, G.: An intrusion detection approach using SVM and multiple kernel method. Int. J Adv. Comput. Technol. IJACT 4(1), 463–469 (2012)

Li, Y., et al.: An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst. Appl. 39(1), 424–430 (2012)CrossRef

Taylor, C., Alves-Foss, J.: Low cost network intrusion detection (2000)

10.

Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using Bayes estimators. In: SDM (2001)

11.

Shyu, M.-L., et al.: A novel anomaly detection scheme based on principal component classifier. Miami Univ Coral Gables FL Dept of Electrical and Computer Engineering (2003)

12.

Qin, M., Hwang, K.: Frequent episode rules for intrusive anomaly detection with internet datamining. In: USENIX Security Symposium (2004)

13.

Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 2, 222–232 (1987)CrossRef

14.

Wang, G., et al.: A new approach to intrusion detection using artificial neural networks and fuzzy clustering. Expert Syst. Appl. 37(9), 6225–6232 (2010)CrossRef

15.

Sinclair, C., Pierce, L., Matzner, S.: An application of machine learning to network intrusion detection. In: 15th Annual Computer Security Applications Conference (ACSAC 1999) Proceedings. IEEE (1999)

16.

Tsai, C.-F., et al.: Intrusion detection by machine learning: a review. Expert Syst. Appl. 36(10), 11994–12000 (2009)CrossRef

17.

Ryan, J., Lin, M.-J., Miikkulainen, R.: Intrusion detection with neural networks. In: Advances in neural information processing systems 943–949 (1998)

18.

Kim, D.S., Park, J.S.: Network-based intrusion detection with support vector machines. In: Kahng, H.-K. (ed.) ICOIN 2003. LNCS, vol. 2662, pp. 747–756. Springer, Heidelberg (2003)CrossRef

19.

Sung, A.H., Mukkamala, S.: Identifying important features for intrusion detection using support vector machines and neural networks. In: 2003 Symposium on Applications and the Internet, Proceedings, pp. 209–216. IEEE (2003)

20.

Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN 2002. vol. 2. IEEE (2002)

21.

Ambwani, T.: Multi class support vector machine implementation to intrusion detection. In: Proceedings of the International Joint Conference on Neural Networks, vol. 3. IEEE (2003)

22.

Khan, L., Awad, M., Thuraisingham, B.: A new intrusion detection system using support vector machines and hierarchical clustering. Int. J. Very Large Data Bases 16(4), 507–521 (2007)

23.

Horng, S.-J., et al.: A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Syst. Appl. 38(1), 306–313 (2011)

24.

Schölkopf, B., et al.: Estimating the support of a high-dimensional distribution. Neural Comput. 13(7), 1443–1471 (2001)MATHCrossRef

25.

Platt, J.: Sequential minimal optimization: a fast algorithm for training support vector machines (1998)

26.

UCI KDD Archive.: KDDCUP99 dataset. http://kdd.ics.uci.edu/databases/kddcup99/. accessed 15 April 2015

27.

MIT Lincoln Laboratory.: DARPA Intrusion Detection Data Sets. http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/index.html. accessed 15 April 2015

28.

Specht, D.F.: Probabilistic neural networks. Neural Netw. 3(1), 109–118 (1990)CrossRef

29.

Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)MATH

30.

Chang, C.-C., Lin, C.-J.: LIBSVM : a library for support vector machines. ACM Trans. Intell. Syst. Technol. 2, 27:1–27:27 (2011). http://www.csie.ntu.edu.tw/~cjlin/libsvm

Titel: An Anomaly Detection Model for Network Intrusions Using One-Class SVM and Scaling Strategy
verfasst von: Ming Zhang
Boyi Xu
Dongxia Wang
Verlag: Springer International Publishing
Buch: Collaborative Computing: Networking, Applications, and Worksharing
Print ISBN: 978-3-319-28909-0

Electronic ISBN: 978-3-319-28910-6

Copyright-Jahr: 2016
DOI: https://doi.org/10.1007/978-3-319-28910-6_24

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Digitale Lieferkette/© zapp2photo / stock.adobe.com, Arbeitszeit/© granata68 / Fotolia, E-Autos im Fuhrpark: Lohnt sich das noch?/© Petair / stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Sustainibility Finance/© Robert Kneschke / stock.adobe.com / Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.