Abstract
Intrusion detection is an effective countermeasure against network security problems. Support Vector Machine (SVM) is one of the widely used intrusion detection techniques. However, the commonly used two-class SVM algorithms face difficulty in constructing the training dataset, because in many real application scenarios normal connection records are easy to obtain, but attack records are not. We propose an anomaly detection model for network intrusions that uses one-class SVM and a scaling strategy. The one-class SVM uses only normal network connection records as the training dataset. The scaling strategy guarantees that the variability of feature values reflects their importance, thus improving the detection accuracy significantly. Experimental results on the KDDCUP99 dataset show that, compared to Probabilistic Neural Network (PNN) and C-SVM, our one-class SVM based model achieves higher detection rates and yields better performance on average in terms of precision, recall and F-value.
Acknowledgement
The work of this paper is supported by the National Natural Science Foundation of China Project under grant No. 61271252.
Copyright information
© 2016 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zhang, M., Xu, B., Wang, D. (2016). An Anomaly Detection Model for Network Intrusions Using One-Class SVM and Scaling Strategy. In: Guo, S., Liao, X., Liu, F., Zhu, Y. (eds) Collaborative Computing: Networking, Applications, and Worksharing. CollaborateCom 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 163. Springer, Cham. https://doi.org/10.1007/978-3-319-28910-6_24
DOI: https://doi.org/10.1007/978-3-319-28910-6_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28909-0
Online ISBN: 978-3-319-28910-6
eBook Packages: Computer Science (R0)