DocumentCode
1706961
Title
A machine learning framework for network anomaly detection using SVM and GA
Author
Shon, Taeshik ; Kim, Yongdue ; Lee, Cheolwon ; Moon, Jongsub
Author_Institution
Center for Inf. Security Technol., Korea Univ., Seoul, South Korea
fYear
2005
Firstpage
176
Lastpage
183
Abstract
In today's world of computer security, Internet attacks such as DoS/DDoS, worms, and spyware continue to evolve as detection techniques improve. It is not easy, however, to distinguish such new attacks using only knowledge of pre-existing attacks. In this paper the authors focused on machine learning techniques for detecting attacks from Internet anomalies. The machine learning framework consists of two major components: genetic algorithm (GA) for feature selection and support vector machine (SVM) for packet classification. By experiment it is also demonstrated that the proposed framework outperforms currently employed real-world NIDS.
Keywords
genetic algorithms; invasive software; learning (artificial intelligence); support vector machines; DDoS attack; DoS attack; Internet anomalies; Internet attacks; SVM; computer security; feature selection; genetic algorithm; intrusion detection; machine learning; network anomaly detection; network security; packet classification; spyware; support vector machine; worms; Computer security; Computer worms; Data mining; Humans; Information security; Internet; Intrusion detection; Machine learning; Robustness; Support vector machines
fLanguage
English
Publisher
IEEE
Conference_Titel
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN
0-7803-9290-6
Type
conf
DOI
10.1109/IAW.2005.1495950
Filename
1495950