Anomaly Intrusion Detection Based on Hyper-ellipsoid in the Kernel Feature Space

The Support Vector Data Description (SVDD) has achieved great success in anomaly detection by directly finding the optimal ball, defined by its center and minimal radius, that contains most of the target data. However, the classification capability of the SVDD is limited, because a hyper-sphere, even in feature space, can express only a limited region of the target class. This paper presents an anomaly detection algorithm that mitigates this limitation of the conventional SVDD by finding the minimum volume enclosing ellipsoid in the feature space. To evaluate the performance of the proposed approach, we tested it on intrusion detection applications. Experimental results show the advantage of the proposed approach for anomaly detection compared with the standard SVDD.
