Attack recall control in anomaly detection

This paper presents an approach to control the attack recall in an anomaly detection system using support vector machines (SVM). The recall and precision of the SVM are controlled by the selection of the training model. The training model is selected by an optimization method using a genetic algorithm. An SVM training model optimization problem is presented, and the expected attack recall is controlled by a tradeoff parameter ρ in the objective function. Experimental results demonstrate that as ρ increases from 0 to 1, the recall increases from 0 to 1. If we use the value of ρ to estimate the recall, the mean square error of this estimation decreases during the evolution of the training model. Our approach allows a user to design a system with an expected recall while the precision is high.
