Anomaly Detection Enhanced Classification in Computer Intrusion Detection

  • Conference paper
Pattern Recognition with Support Vector Machines (SVM 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2388)

Abstract

This paper describes experiences and results applying Support Vector Machine (SVM) to a Computer Intrusion Detection (CID) dataset. This is the second stage of work with this dataset, emphasizing incorporation of anomaly detection in the modeling and prediction of cyber-attacks. The SVM method for classification is used as a benchmark method (from previous study [1]), and the anomaly detection approaches compare so-called “one class” SVMs with a thresholded Mahalanobis distance to define support regions. Results compare the performance of the methods, and investigate joint performance of classification and anomaly detection. The dataset used is the DARPA/KDD-99 publicly available dataset of features from network packets classified into non-attack and four attack categories.

References

  1. Mike Fugate, James R. Gattiker, “Detecting Attacks in Computer Networks”, Los Alamos National Laboratory Technical Report, LA-UR-02-1149.

  2. Richard P. Lippmann et al., “Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation”, Proc of the DARPA Information Survivability Conf., vol. 2, pp. 12–26, 1999.

  3. Trevor Hastie, Robert Tibshirani, Jerome Friedman, The Elements of Statistical Learning: Data Mining, Inference, and Prediction, Springer-Verlag, 2001.

  4. Ronald Christensen (1996), Plane Answers to Complex Questions: The Theory of Linear Models, Second Edition. New York: Springer-Verlag.

  5. Ronald Christensen (2001), Advanced Linear Modeling, Second Edition. New York: Springer-Verlag.

  6. Bernhard Schölkopf, et al. (2000). “Estimating the Support of a High-Dimensional Distribution”, Technical report MSR-TR-99-87, Microsoft Research, Microsoft Corporation.

  7. C. Chang, C. Lin, “LIBSVM: a library for support vector machines”, http://www.csie.ntu.edu.tw/cjlin/papers/libsvm.ps.gz

  8. T. Joachims, “Making large-Scale SVM Learning Practical”, Advances in Kernel Methods-Support Vector Learning, B. Schölkopf and C. Burges and A. Smola (ed.), MIT-Press, 1999.

  9. M. Gokhale, D. Dubois, A. Dubois, M. Boorman, “Gigabit Rate Network Intrusion Detection Technology”, Los Alamos National Laboratory Technical Report, LA-UR-01-6185.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

Cite this paper

Fugate, M., Gattiker, J.R. (2002). Anomaly Detection Enhanced Classification in Computer Intrusion Detection. In: Lee, SW., Verri, A. (eds) Pattern Recognition with Support Vector Machines. SVM 2002. Lecture Notes in Computer Science, vol 2388. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45665-1_15

  • DOI: https://doi.org/10.1007/3-540-45665-1_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44016-1

  • Online ISBN: 978-3-540-45665-0

  • eBook Packages: Springer Book Archive
