Model Selection for Kernel Based Intrusion Detection Systems
This paper describes results concerning the robustness and generalization capabilities of a supervised machine learning method in detecting intrusions using network audit trails. We also evaluate the impact of kernel type and parameter values on the accuracy with which a support vector machine (SVM) performs intrusion classification. We show that classification accuracy varies with the kernel type and the parameter values; thus, with appropriately chosen parameter values, intrusions can be detected by SVMs with higher accuracy and lower rates of false alarms.
Feature selection is as important for intrusion detection as it is for many other problems. We present a support vector decision feature selection method for intrusion detection. It is demonstrated that, with appropriately chosen features, intrusions can be detected in real time or near real time.
Keywords: Support Vector Machine; Receiver Operating Characteristic Curve; False Alarm Rate; Intrusion Detection; Support Vector Machine Model