Skip to main content
SpringerLink
Log in

An Anomaly Detection Model for Network Intrusions Using One-Class SVM and Scaling Strategy

  • Conference paper
  • First Online:
Collaborative Computing: Networking, Applications, and Worksharing (CollaborateCom 2015)

Abstract

Intrusion detection acts as an effective countermeasure to solve the network security problems. Support Vector Machine (SVM) is one of the widely used intrusion detection techniques. However, the commonly used two-class SVM algorithms are facing difficulties of constructing the training dataset. That is because in many real application scenarios, normal connection records are easy to be obtained, but attack records are not so. We propose an anomaly detection model for network intrusions by using one-class SVM and scaling strategy. The one-class SVM adopts only normal network connection records as the training dataset. The scaling strategy guarantees that the variability of feature values can reflect their importance, thus improving the detection accuracy significantly. Experimental results on KDDCUP99 dataset show that compared to Probabilistic Neural Network (PNN) and C-SVM, our one-class SVM based model achieves higher detection rates and yields average better performance in terms of precision, recall and F-value.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Symantec Enterprise.: Internet Security Threat Report 2014. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf. accessed 15 April 2015

  2. Cenzic.: Application Vulnerability Trends Report 2014. http://www.cenzic.com/downloads/Cenzic_Vulnerability_Report_2014.pdf. accessed 15 April 2015

  3. Anderson, J.P.: Computer security threat monitoring and surveillance. vol. 17. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania (1980)

    Google Scholar 

  4. Axelsson, S.: Intrusion detection systems: A survey and taxonomy. vol. 99. Technical report, 2000

    Google Scholar 

  5. Kruegel, C., Tóth, T.: Using decision trees to improve signature-based intrusion detection. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 173–191. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Patcha, A., Park, J.-M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007)

    Article  Google Scholar 

  7. Li, Y., Li, W., Wu, G.: An intrusion detection approach using SVM and multiple kernel method. Int. J Adv. Comput. Technol. IJACT 4(1), 463–469 (2012)

    Google Scholar 

  8. Li, Y., et al.: An efficient intrusion detection system based on support vector machines and gradually feature removal method. Expert Syst. Appl. 39(1), 424–430 (2012)

    Article  Google Scholar 

  9. Taylor, C., Alves-Foss, J.: Low cost network intrusion detection (2000)

    Google Scholar 

  10. Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using Bayes estimators. In: SDM (2001)

    Google Scholar 

  11. Shyu, M.-L., et al.: A novel anomaly detection scheme based on principal component classifier. Miami Univ Coral Gables FL Dept of Electrical and Computer Engineering (2003)

    Google Scholar 

  12. Qin, M., Hwang, K.: Frequent episode rules for intrusive anomaly detection with internet datamining. In: USENIX Security Symposium (2004)

    Google Scholar 

  13. Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 2, 222–232 (1987)

    Article  Google Scholar 

  14. Wang, G., et al.: A new approach to intrusion detection using artificial neural networks and fuzzy clustering. Expert Syst. Appl. 37(9), 6225–6232 (2010)

    Article  Google Scholar 

  15. Sinclair, C., Pierce, L., Matzner, S.: An application of machine learning to network intrusion detection. In: 15th Annual Computer Security Applications Conference (ACSAC 1999) Proceedings. IEEE (1999)

    Google Scholar 

  16. Tsai, C.-F., et al.: Intrusion detection by machine learning: a review. Expert Syst. Appl. 36(10), 11994–12000 (2009)

    Article  Google Scholar 

  17. Ryan, J., Lin, M.-J., Miikkulainen, R.: Intrusion detection with neural networks. In: Advances in neural information processing systems 943–949 (1998)

    Google Scholar 

  18. Kim, D.S., Park, J.S.: Network-based intrusion detection with support vector machines. In: Kahng, H.-K. (ed.) ICOIN 2003. LNCS, vol. 2662, pp. 747–756. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  19. Sung, A.H., Mukkamala, S.: Identifying important features for intrusion detection using support vector machines and neural networks. In: 2003 Symposium on Applications and the Internet, Proceedings, pp. 209–216. IEEE (2003)

    Google Scholar 

  20. Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN 2002. vol. 2. IEEE (2002)

    Google Scholar 

  21. Ambwani, T.: Multi class support vector machine implementation to intrusion detection. In: Proceedings of the International Joint Conference on Neural Networks, vol. 3. IEEE (2003)

    Google Scholar 

  22. Khan, L., Awad, M., Thuraisingham, B.: A new intrusion detection system using support vector machines and hierarchical clustering. Int. J. Very Large Data Bases 16(4), 507–521 (2007)

    Google Scholar 

  23. Horng, S.-J., et al.: A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Syst. Appl. 38(1), 306–313 (2011)

    Google Scholar 

  24. Schölkopf, B., et al.: Estimating the support of a high-dimensional distribution. Neural Comput. 13(7), 1443–1471 (2001)

    Article  MATH  Google Scholar 

  25. Platt, J.: Sequential minimal optimization: a fast algorithm for training support vector machines (1998)

    Google Scholar 

  26. UCI KDD Archive.: KDDCUP99 dataset. http://kdd.ics.uci.edu/databases/kddcup99/. accessed 15 April 2015

  27. MIT Lincoln Laboratory.: DARPA Intrusion Detection Data Sets. http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/index.html. accessed 15 April 2015

  28. Specht, D.F.: Probabilistic neural networks. Neural Netw. 3(1), 109–118 (1990)

    Article  Google Scholar 

  29. Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)

    MATH  Google Scholar 

  30. Chang, C.-C., Lin, C.-J.: LIBSVM : a library for support vector machines. ACM Trans. Intell. Syst. Technol. 2, 27:1–27:27 (2011). http://www.csie.ntu.edu.tw/~cjlin/libsvm

    Google Scholar 

Download references

Acknowledgement

The work of this paper is supported by the National Natural Science Foundation of China Project under grant No. 61271252.

Author information

Authors and Affiliations

  1. National Key Laboratory of Science and Technology on Information System Security, Beijing Institute of System Engineering, Beijing, China

    Ming Zhang, Boyi Xu & Dongxia Wang

Authors
  1. Ming Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Boyi Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dongxia Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ming Zhang .

Editor information

Editors and Affiliations

  1. School of Computer Science & Engineering, The University of Aizu, Aizuwakamatsu, Japan

    Song Guo

  2. School of Computer Science &Technology, Huazhong University of Science and Tech, Wuhan, China

    Xiaofei Liao

  3. School of Computer Science & Technology, Huazhong University of Science and Tech, Wuhan, China

    Fangming Liu

  4. Dept. of Computer Science & Engineering, Shanghai Jiao Tong University, Shanghai, China

    Yanmin Zhu

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Zhang, M., Xu, B., Wang, D. (2016). An Anomaly Detection Model for Network Intrusions Using One-Class SVM and Scaling Strategy. In: Guo, S., Liao, X., Liu, F., Zhu, Y. (eds) Collaborative Computing: Networking, Applications, and Worksharing. CollaborateCom 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 163. Springer, Cham. https://doi.org/10.1007/978-3-319-28910-6_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-28910-6_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28909-0

  • Online ISBN: 978-3-319-28910-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation