Enhancing the SVDD Accuracy in Intrusion Detection Systems by Removing External Voids

This work aims to improve the accuracy of intrusion detection systems based on Support Vector Data Description (SVDD). In this study we are interested in approaches that use one-class classification only, namely the class of normal user sessions. Sessions are modeled by vectors of points in a finite feature space. The goal of using the SVDD in anomaly detection is to find the hypersphere of minimal volume that encloses the entire scatter of points (i.e. the normal sessions). This paper discusses the general case where the shape of the scatter is arbitrary. In this case voids can occur between the scatter and the boundary of the hypersphere; they distort the data description and so reduce the accuracy of detection. The objective of this work is to study and highlight the best techniques for removing voids and thus improving the accuracy of the SVDD. Experimental results show that choosing the appropriate techniques and parameters can significantly improve the accuracy of the SVDD.
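The void problem described above can be reproduced in a few lines. The sketch below is an added illustration, not code from the paper: it assumes the simplest SVDD setting (linear kernel, no slack, so the description is the minimum enclosing ball), uses a constructed L-shaped scatter of normal sessions in two features, and all function names are hypothetical. It does not implement the paper's void-removal techniques.

```python
import math

def enclosing_ball(points, iters=2000):
    """Badoiu-Clarkson approximation of the minimum enclosing ball, which is
    what SVDD reduces to with a linear kernel and no slack (assumed here)."""
    c = list(points[0])
    for i in range(1, iters + 1):
        far = max(points, key=lambda p: math.dist(p, c))  # current worst-covered point
        c = [ci + (fi - ci) / (i + 1) for ci, fi in zip(c, far)]
    return c, max(math.dist(p, c) for p in points)

def accepts(center, radius, x):
    """SVDD decision rule: a session is 'normal' if it falls inside the sphere."""
    return math.dist(x, center) <= radius

def nearest_normal(points, x):
    """Distance from x to the closest training session."""
    return min(math.dist(x, p) for p in points)

def void_fraction(points, center, radius, reach, grid=60):
    """Share of the sphere lying farther than `reach` from every training point,
    estimated on a regular grid (2-D only)."""
    inside = empty = 0
    for i in range(grid):
        for j in range(grid):
            x = (center[0] - radius + 2 * radius * (i + 0.5) / grid,
                 center[1] - radius + 2 * radius * (j + 0.5) / grid)
            if math.dist(x, center) <= radius:
                inside += 1
                empty += nearest_normal(points, x) > reach
    return empty / inside

# Constructed data: normal sessions form an L-shaped scatter in two features.
NORMAL = [(t / 10, 0.0) for t in range(101)] + [(0.0, t / 10) for t in range(1, 101)]
CENTER, RADIUS = enclosing_ball(NORMAL)
PROBE = (8.0, 8.0)  # constructed session, far from all normal behaviour

if __name__ == "__main__":
    print("center", CENTER, "radius", RADIUS)
    print("probe accepted:", accepts(CENTER, RADIUS, PROBE))
    print("probe distance to nearest normal session:", nearest_normal(NORMAL, PROBE))
    print("void share of sphere:", void_fraction(NORMAL, CENTER, RADIUS, reach=1.0))
```

The probe sits 8 units from the nearest normal session yet is classified as normal, because most of the sphere around an L-shaped scatter is empty space.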
