Abstract
This paper presents a novel approach, based on Support Vector Data Description (SVDD), to describing the normal behavior of computer networks, as used in intrusion detection systems (IDS). The proposed method finds a minimal hyper-ellipse around the normal objects in the input space. The hyper-ellipse can either be expanded in a high-dimensional space (ESVDD) or be used as a preprocessing step for the SVDD method (PESVDD) to obtain better results for IDS. The KDD-cup99 data set was used to test the proposed method. Overall, the experiments show the advantage of our work over similar previous works.
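The following is an added illustration, not code from the paper: it shows why an ellipsoidal boundary around normal records can reject a point that a spherical boundary of the same training set accepts. It assumes a simplified boundary (sample-covariance shape scaled to enclose the training set, not the paper's ESVDD optimisation), and the feature values and function names are constructed for the example.

```python
# Added illustration (not the paper's code): an ellipsoidal boundary around
# "normal" records. Simplification: the ellipsoid takes its shape from the
# sample covariance and is scaled to just enclose the training set; the paper's
# ESVDD optimisation is not reproduced here.
import math

# Constructed sample: two correlated features per connection (hypothetical).
NORMAL = [(1.0, 1.1), (2.0, 1.9), (3.0, 3.2), (4.0, 3.9),
          (5.0, 5.1), (6.0, 5.8), (7.0, 7.1)]

def mean_cov(X, ridge=1e-6):
    n, d = len(X), len(X[0])
    mu = [sum(x[j] for x in X) / n for j in range(d)]
    C = [[sum((x[i] - mu[i]) * (x[j] - mu[j]) for x in X) / (n - 1)
          + (ridge if i == j else 0.0) for j in range(d)] for i in range(d)]
    return mu, C

def solve(A, b):
    """Solve A z = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    z = [0.0] * n
    for r in range(n - 1, -1, -1):
        z[r] = (M[r][n] - sum(M[r][k] * z[k] for k in range(r + 1, n))) / M[r][r]
    return z

def dist2(x, mu, C):
    """Squared Mahalanobis distance (x-mu)^T C^-1 (x-mu)."""
    v = [a - b for a, b in zip(x, mu)]
    return sum(a * b for a, b in zip(v, solve(C, v)))

def fit_ellipsoid(X):
    mu, C = mean_cov(X)
    return mu, C, max(dist2(x, mu, C) for x in X)   # r2 encloses every sample

def outside_ellipsoid(x, model):
    mu, C, r2 = model
    return dist2(x, mu, C) > r2 * (1 + 1e-9)

def outside_sphere(x, X):
    """Baseline: centroid-centred sphere scaled to enclose the same samples."""
    mu = [sum(c) / len(X) for c in zip(*X)]
    return math.dist(x, mu) > max(math.dist(p, mu) for p in X)
```

With the constructed data, the record `(6.0, 2.0)` breaks the correlation between the two features: it lies inside the enclosing sphere but far outside the ellipsoid.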
Acknowledgments
This work has been partially supported by Iran Telecommunication Research Center (ITRC), Tehran, Iran (Contract No: T/500/1640). This support is gratefully acknowledged.
Cite this article
GhasemiGol, M., Monsefi, R. & Sadoghi-Yazdi, H. Intrusion Detection by Ellipsoid Boundary. J Netw Syst Manage 18, 265–282 (2010). https://doi.org/10.1007/s10922-010-9165-x