Anomaly Detection Using LibSVM Training Tools

Intrusion detection identifies intrusive behavior and provides useful information to the intruded systems so that they can respond quickly and avoid or reduce damage. In recent years, machine learning has often been used as a detection method in anomaly detection. In this research, we use the support vector machine as the learning method for anomaly detection, with LibSVM as the support vector machine tool. Using this tool, we avoid numerous complex operations and do not have to use external tools to find parameters, as is needed when using other algorithms such as the genetic algorithm. Experimental results show that our proposed approach achieves high average detection rates and low average false positive rates in anomaly detection.
