Payload-based anomaly detection using KPCA

Cited by: 0
Authors
Jia, Libin [1]
Ma, Jun
Li, Lin [1]
Affiliations
[1] Zhengzhou Inst Aeronaut Ind Management, Zhengzhou 450015, Peoples R China
Source
PROCEEDINGS OF 2009 INTERNATIONAL CONFERENCE OF MANAGEMENT ENGINEERING AND INFORMATION TECHNOLOGY, VOLS 1 AND 2 | 2009
Keywords
KPCA; Payload-based; Security;
DOI
Not available
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
In this paper, we propose a new payload-based anomaly detector. The n-gram technique is used to extract features from the payload, and feature reduction is performed by Kernel Principal Component Analysis (KPCA). In order to resist mimicry attacks, we do not focus only on the principal components but also make use of the residual components. In this manner, the normal payload can be described at a finer granularity. A one-class SVM classifier is used to construct the normal model. An ensemble of one-class SVM classifiers is also employed to combine the different models in order to improve the robustness of the detector. Experimental results show that our detector achieves better performance than other payload-based anomaly detection systems.
Pages: 566-569
Number of pages: 4