Support vector machines for anomaly detection

The support vector machines is a widely used tool for classification. In this paper, firstly the method of selected features of Windows Registry access recorder to construct detection data set was discussed and two kinds of feature representation methods adapted to SVM algorithm was described. Secondly, the algorithms of standard SVM that are used to classification was presented. At last, we implemented the standard SVM algorithm, weighted SVM and one class SVM to build models for different kind of data set. Experiment results on test data are given to illustrate the performance of these models. It is found that the C-SVM has high detection precision to predict the known examples and can also detect some unknown examples. Weighted SVM can effectively solve the misclassification problem resulted from the unbalance data set, one class SVM is an effective way to deal with unsupervised data.