[1]LUO Jun,PAN Zhi-song,HU Gu-yu.A network security audit system based on support vector data description algorithm[J].CAAI Transactions on Intelligent Systems,2007,2(4):69-73.
Copy

A network security audit system based on support vector data description algorithm

CAAI Transactions on Intelligent Systems[ISSN 1673-4785/CN 23-1538/TP] Volume: 2 Number of periods: 2007 4 Page number: 69-73 Column: 学术论文—智能系统 Public date: 2007-08-25
Title:
A network security audit system based on support vector data description algorithm
Author(s):
LUO Jun PAN Zhi-song HU Gu-yu
Institute of Command Automation, PLA University of Science and Technology, Nan jing 210007, China
Keywords:
network security audit intrusion detection support vector data description on eclass classifier
CLC:
TP393.08
DOI:
-
Abstract:
Security audit, which is the basis of intrusion detection, provides the necessar y data for intrusion detection analysis. In traditional security audit and intru sion detection system, the characteristics of an attack need to be defined by ex perts for the system to be able to successfully identify anomalous activities. D ue to the difficulty in predicting attack data, in most cases administrators onl y get normal sequences of system calls. In this paper, a security audit system b a sed on SVDD algorithm was designed to resolve the oneclass problem in anomalo us activity detection. All activities deviating from normal patterns were classi fied as potential intrusions. In experiments using the international standard da ta set MIT LPR, the oneclass classifier achieved a 100% detection rate and a z ero false alarm rate for sequences of system calls based on a small training dat aset. The proposed algorithms can be trained for anomalous activity detection si mply by using normal samples and the algorithm also enables the security audit s ystem to detect new types of anomalous behavior.
References:
[1] BISHOP M. A standard audit trail format [A]. Proceeding of the 18th National Information Systems Security Conference [C]. Baltimore, l995.
[2]FORREST S, HOFMEYR S A. Computer immunology [J]. Communications of the A CM, 1997,40(10):88-96.
[3]WARRENDER C, FORREST S, PEARLMUTTER B. Detecting intrusion using system ca ll s: alternative data models [EB/OL].http://www.cs.unm.edu/~forrest/ publicatio ns/ Oaklandwithcite. pdf , 2000.
[4]FORREST S, HOFMEYR S A, LONGSTAFF T A. A sense of self for unix processes[ A]. IEEE Computer Society Press[C]. Los Alamitos, 1996.
[5]LEE W, STOLFO S J, MOK K W. A data mining framework for building intrusio n d etection models [A]. Proc the 1999 IEEE Symposium on Security and Privacy [C].Berkely, USA, 1999.
[6]HAYKIN S. Neural networksa comprehensive foundation[M ] 2nd. Beijing: Tsinghua University Press, 2001.
[7]CRISTIANINI N, TAYLOR J S. An introduction to SVMs and other kernel based learning methods[M]. Cambridge Univ Press, 2000.
[8]DAVID M J T. Oneclass classification [D]. Dissertation: ICT Grou p Delft Netherland,1999.
[9]MANEVITZ L M, YOUSEF M. Oneclass SVMs for document classification [J]. Journal of Machine Learning Research, 2001(2):139-154.
【10]RTSCH G, SCHLKOPF B, MIKA S M, et al. SVM and boosting: one class [R ]. Berlin, Germany: GMD FIRST Kekuiést, 2000.
[11]CHEN Y Q, ZHOU X, ET A L. Oneclass SVM for learning in image retrieval [ A]. IEEE Intl Conf on Image Proc (ICIP’2001) [C]. Thessaloniki, Greece, 200 1.
[12]COLIN C, KRISTIN P. A linear programming approach to novel ty detection[J]. Advances in Neural Information Processing System, 2001,1 3:25-28.
[13]潘志松,罗 隽.基于支持向量描述的人工免疫检测算法[J].哈尔滨工程大学学报,2006,27(增刊):302-306.
 PAN Zhisong, LUO Jun. An immune detector algorithm based suppert vector data des cription[J]. Journal of Harbin Enqineering University, 2006,27(supl):302-3 06.
Similar References:

Memo

-

Last Update: 2009-05-07

Copyright © CAAI Transactions on Intelligent Systems