Intrusion Detection by Ellipsoid Boundary

Journal of Network and Systems Management

Abstract

This paper presents a novel approach, based on Support Vector Data Description (SVDD), to describing the normal behavior of computer networks (as used in IDS). The proposed method finds a minimal hyper-ellipse around the normal objects in the input space. The hyper-ellipse can be extended to a high-dimensional space (ESVDD) or used as a preprocessing step for the SVDD method (PESVDD) to obtain better results for IDS. The KDD-cup99 data set was used to test the proposed method. Overall, the experiments show the advantage of our work over similar previous works.

Acknowledgments

This work has been partially supported by Iran Telecommunication Research Center (ITRC), Tehran, Iran (Contract No: T/500/1640). This support is gratefully acknowledged.

Author information

Correspondence to Mohammad GhasemiGol.

Appendix

See Tables 7 and 8.

Table 7 Known and novel attacks in KDD-cup 1999 data
Table 8 Variables in KDD-cup 1999 data

About this article

Cite this article

GhasemiGol, M., Monsefi, R. & Sadoghi-Yazdi, H. Intrusion Detection by Ellipsoid Boundary. J Netw Syst Manage 18, 265–282 (2010). https://doi.org/10.1007/s10922-010-9165-x

  • DOI: https://doi.org/10.1007/s10922-010-9165-x
