A SVM-based System for On-line Unsupervised Intrusion Detection

Using a frequency-weighting mining algorithm capable of real-time data processing, we calculated the frequency value of each system call in the existing audit records and obtained a set of process vectors. The vector set was scanned linearly, and its processes were labeled "normal" or "attack" according to their distance relations. This yielded an SVM training set without manual supervision. Finally, an SVM classifier generated the normal behavior profiles used to monitor the target system, resulting in a practical on-line intrusion detection system that requires no human intervention.
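The unsupervised labeling stage described above, sketched as an added example (not code from the paper): it frequency-weights per-process system call traces, labels them in one linear scan by distance, and returns the (vector, label) pairs an SVM library would then be trained on. The TF-IDF weighting, the `radius` and `min_share` thresholds, and the sample traces are assumptions, since the abstract does not give its formulas.

```python
import math
from collections import Counter

# Constructed sample input: one system call trace per process (not data from the paper).
TRACES = {
    "p1": ["open", "read", "read", "write", "close"],
    "p2": ["open", "read", "write", "write", "close"],
    "p3": ["open", "read", "read", "read", "close"],
    "p4": ["open", "read", "write", "close"],
    "p5": ["execve", "setuid", "chmod", "execve", "socket"],
}

def weight_vectors(traces):
    """Frequency-weight each process's system calls.
    Assumption: TF-IDF weighting scaled to unit length."""
    n = len(traces)
    df = Counter(call for t in traces.values() for call in set(t))
    vocab = sorted(df)
    vectors = {}
    for pid, trace in traces.items():
        tf = Counter(trace)
        v = [tf[c] / max(len(trace), 1) * math.log(1 + n / df[c]) for c in vocab]
        norm = math.sqrt(sum(x * x for x in v)) or 1.0  # empty trace stays all-zero
        vectors[pid] = [x / norm for x in v]
    return vectors

def label_by_distance(vectors, radius=0.8, min_share=0.3):
    """Single linear scan: a process joins the first cluster whose leader lies
    within `radius`, otherwise it starts a new cluster. Clusters holding at least
    `min_share` of all processes are labeled normal (+1), the rest attack (-1).
    Both thresholds are assumptions."""
    clusters = []  # list of (leader_vector, member_pids)
    for pid, v in vectors.items():
        for leader, members in clusters:
            if math.dist(leader, v) <= radius:
                members.append(pid)
                break
        else:
            clusters.append((v, [pid]))
    labels = {}
    for _, members in clusters:
        label = 1 if len(members) / len(vectors) >= min_share else -1
        labels.update({pid: label for pid in members})
    return labels

def build_training_set(traces):
    """Return [(vector, label)] in input order, ready for an SVM trainer."""
    vectors = weight_vectors(traces)
    labels = label_by_distance(vectors)
    return [(vectors[pid], labels[pid]) for pid in traces]
```

The majority-cluster rule only holds when normal processes far outnumber attacks in the audit records; a burst of similar attack processes above `min_share` would be labeled normal.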