Intrusion Detection: Support Vector Machines and Neural Networks

This paper concerns intrusion detection and audit trail reduction. We describe approaches to both problems using support vector machines (SVMs) and neural networks. Using a set of benchmark data from the KDD (Knowledge Discovery and Data Mining) competition designed by DARPA, we demonstrate that efficient and highly accurate classifiers for intrusion detection can be built using either SVMs or neural networks. Further, we present SVMs and neural networks that use only the 13 most significant of the 41 features of the data and deliver only slightly lower detection accuracy in the binary attack/normal classification. We also compare the performance of neural networks and SVMs.
