论文信息 - A Framework for Adaptive Anomaly Detection Based on Support Vector Data Description

A Framework for Adaptive Anomaly Detection Based on Support Vector Data Description

To improve the efficiency and usability of adaptive anomaly detection system, we propose a new framework based on Support Vector Data Description (SVDD) method. This framework includes two main techniques: online change detection and unsupervised anomaly detec- tion. The first one enables automatically obtain model training data by measuring and distinguishing change caused by intensive attacks from normal behavior change and then filtering most intensive attacks. The second retrains model periodically and detects the forthcoming data. Results of experiments with the KDD'99 network data show that these techniques can handle intensive attacks effectively and adapt to the con- cept drift while still detecting attacks. As a result, false positive rate is reduced from 13.43% to 4.45%.

[1] Robert P. W. Duin,et al. Support vector domain description , 1999, Pattern Recognit. Lett..

[2] Salvatore J. Stolfo,et al. Cost-sensitive, scalable and adaptive learning using ensemble-based methods , 2001 .

[3] Michèle Basseville,et al. Detection of abrupt changes: theory and application , 1993 .

[4] John McHugh,et al. Intrusion and intrusion detection , 2001, International Journal of Information Security.

[5] Salvatore J. Stolfo,et al. A Geometric Framework for Unsupervised Anomaly Detection , 2002, Applications of Data Mining in Computer Security.

[6] Graham J. Williams,et al. On-Line Unsupervised Outlier Detection Using Finite Mixtures with Discounting Learning Algorithms , 2000, KDD '00.

[7] Carla E. Brodley,et al. Approaches to Online Learning and Concept Drift for User Identification in Computer Security , 1998, KDD.

[8] Susan M. Bridges,et al. A FRAMEWORK FOR AN ADAPTIVE INTRUSION DETECTION SYSTEM WITH DATA MINING , 2001 .

[9] David M. J. Tax,et al. Online SVM learning: from classification to data description and back , 2003, 2003 IEEE XIII Workshop on Neural Networks for Signal Processing (IEEE Cat. No.03TH8718).

[10] Salvatore J. Stolfo,et al. Adaptive Model Generation for Intrusion Detection Systems , 2000 .