
String Kernel Based SVM for Internet Security Implementation

  • Conference paper
Neural Information Processing (ICONIP 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5864)


Abstract

For network intrusion and virus detection, ordinary methods detect malicious network traffic and viruses by examining packets, flow logs or the content of memory for signatures of the attack. This implies that if no signature is known or created in advance, attack detection will be problematic. To address the detection of unknown attacks, we develop in this paper a network traffic and spam analyzer using string kernel based SVM (support vector machine) supervised machine learning. The proposed method is capable of detecting network attacks without known or previously determined attack signatures, as the SVM automatically learns attack signatures from traffic data. For application to internet security, we have implemented the proposed method for spam email detection over the SpamAssassin and E. M. Canada datasets, and for network application authentication via real connection data analysis. The obtained accuracies of above 99% demonstrate the usefulness of string kernel SVMs in network security for either detecting ‘abnormal’ or protecting ‘normal’ traffic.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Michlovský, Z., Pang, S., Kasabov, N., Ban, T., Kadobayashi, Y. (2009). String Kernel Based SVM for Internet Security Implementation. In: Leung, C.S., Lee, M., Chan, J.H. (eds) Neural Information Processing. ICONIP 2009. Lecture Notes in Computer Science, vol 5864. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10684-2_59


  • DOI: https://doi.org/10.1007/978-3-642-10684-2_59

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10682-8

  • Online ISBN: 978-3-642-10684-2

  • eBook Packages: Computer Science, Computer Science (R0)
