论文信息 - Anomaly Detection Enhanced Classification in Computer Intrusion Detection

Anomaly Detection Enhanced Classification in Computer Intrusion Detection

This paper describes experiences and results applying Support Vector Machine (SVM) to a Computer Intrusion Detection (CID) dataset. This is the second stage of work with this dataset, emphasizing incorporation of anomaly detection in the modeling and prediction of cyber-attacks. The SVMmethod for classification is used as a benchmark method (from previous study [1]), and the anomaly detection approaches compare so-called "one class" SVMs with a thresholded Mahalanobis distance to define support regions. Results compare the performance of the methods, and investigate joint performance of classification and anomaly detection. The dataset used is the DARPA/KDD-99 publicly available dataset of features from network packets classified into non-attack and four attack categories.

James R. Gattiker | Mike Fugate

[2] R.K. Cunningham,et al. Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[3] M. Gokhale,et al. GIGABIT RATE NETWORK INTRUSION DETECTION TECHNOLOGY , 2001 .

[4] Bernhard Schölkopf,et al. Estimating the Support of a High-Dimensional Distribution , 2001, Neural Computation.

[5] Ronald Christensen. Plane Answers to Complex Questions , 1987 .

[6] R. Christensen,et al. Advanced Linear Modeling , 2002, Springer Texts in Statistics.

[7] Thorsten Joachims,et al. Making large scale SVM learning practical , 1998 .