Abstract
For network intrusion and virus detection, conventional methods detect malicious network traffic and viruses by examining packets, flow logs or memory contents for signatures of the attack. This implies that if no signature is known or created in advance, attack detection will be problematic. To address the detection of unknown attacks, we develop in this paper a network traffic and spam analyzer using supervised machine learning with a string kernel based SVM (support vector machine). The proposed method is capable of detecting network attacks without known or previously determined attack signatures, as the SVM automatically learns attack signatures from traffic data. For application to internet security, we have implemented the proposed method for spam email detection over the SpamAssassin and E. M. Canada datasets, and for network application authentication via real connection data analysis. The accuracies obtained, above 99%, demonstrate the usefulness of string kernel SVMs in network security, for either detecting ‘abnormal’ or protecting ‘normal’ traffic.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Michlovský, Z., Pang, S., Kasabov, N., Ban, T., Kadobayashi, Y. (2009). String Kernel Based SVM for Internet Security Implementation. In: Leung, C.S., Lee, M., Chan, J.H. (eds) Neural Information Processing. ICONIP 2009. Lecture Notes in Computer Science, vol 5864. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10684-2_59
DOI: https://doi.org/10.1007/978-3-642-10684-2_59
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10682-8
Online ISBN: 978-3-642-10684-2
eBook Packages: Computer Science (R0)