Robust Support Vector Machines for Anomaly Detection in Computer Security

Using the 1998 DARPA BSM data set collected at MIT’s Lincoln Labs to study intrusion detection systems, the performance of robust support vector machines (RSVMs) was compared with that of conventional support vector machines and nearest neighbor classifiers in separating normal usage profiles from intrusive profiles of computer programs. The results indicate the superiority of RSVMs not only in terms of high intrusion detection accuracy and low false positives but also in terms of their generalization ability in the presence of noise and running time.

Keywords—Intrusion detection, computer security, robust support vector machines, noisy data.
