A probability approach to anomaly detection with twin support vector machines

Article

Abstract

Classification of intrusion attacks and normal network flow is a critical and challenging problem in network security research. Many intelligent intrusion detection models have been proposed, but their performance and efficiency are not satisfactory for real computer networks. This paper presents a novel, effective intrusion detection system based on a statistical reference model and twin support vector machines (TWSVMs). In addition, a network flow feature selection procedure has been studied and implemented with TWSVMs. The performance of the proposed system is evaluated using the data set of the fifth international conference on knowledge discovery and data mining in 1999 (KDD’99), collected at MIT’s Lincoln Labs, and the results indicate that the proposed system is more efficient and effective than conventional support vector machines (SVMs) and TWSVMs.

Key words

intrusion detection system (IDS); twin support vector machines (TWSVMs); probability

CLC number

TP 305 

Copyright information

© Shanghai Jiaotong University and Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. Department of Electronic Engineering, Shanghai Jiaotong University, Shanghai, China
