An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection

Cited by: 54
Authors
Catania, Carlos A. [1]
Bromberg, Facundo [2]
Garcia Garino, Carlos [1,3]
Affiliations
[1] Univ Nacl Cuyo, ITIC, RA-5500 Mendoza, Argentina
[2] FRM UTN, Dept Sistemas Informac, RA-5500 Mendoza, Argentina
[3] Univ Nacl Cuyo, Fac Ingn, RA-5500 Mendoza, Argentina
Keywords
Anomaly detection; Intrusion detection systems; SVM; Labeling
DOI
10.1016/j.eswa.2011.08.068
CLC classification number
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
In recent years, several support vector machine (SVM) novelty detection approaches have been applied in the field of network intrusion detection. The main advantage of these approaches is that they can characterize normal traffic even when trained on datasets containing not only normal traffic but also a number of attacks. Unfortunately, these algorithms appear to be accurate only when normal traffic vastly outnumbers the attacks present in the dataset, a condition that does not always hold. This work presents an approach for autonomous labeling of normal traffic as a way of dealing with situations where the class distribution does not present the imbalance required by SVM algorithms. In this case, the autonomous labeling is performed by SNORT, a misuse-based intrusion detection system. Experiments conducted on the 1998 DARPA dataset show that the proposed autonomous labeling approach not only outperforms existing SVM alternatives but also, under some attack distributions, obtains improvements over SNORT itself. (C) 2011 Elsevier Ltd. All rights reserved.
Pages: 1822 / 1829
Page count: 8