DocumentCode :
1922072
Title :
Predicting intrusions with local linear models
Author :
Hu, PingZhao ; Heywood, Malcolm I.
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Volume :
3
fYear :
2003
fDate :
20-24 July 2003
Firstpage :
1780
Abstract :
Intrusion Detection Systems are typically deployed for real time operation, but are limited to identifying attacks once initiated. In this work we instead investigate the potential for predicting an attack before it occurs. To do so, a two-stage process is employed with a classification stage following that of a predictor. Predictors are based on the SOM and classifier on an SVM. Training and test is conducted using the 'TCP' connection features from the DARPA KDD competition data set. In spite of the simplicity of the model, the system is able to provide false positive and false negative rates of 23.8% and 7.1% respectively for one step-ahead prediction.
Keywords :
learning (artificial intelligence); online operation; safety systems; self-organising feature maps; support vector machines; transport protocols; SOM; SVM; TCP; false negative rates; false positive rates; intrusion detection systems; intrusion predictors; intrusions prediction; real time operation; self-organizing feature maps; support vector machines; transfer control protocol; Computer science; Intrusion detection; Organizing; Pattern analysis; Predictive models; Real time systems; Statistical analysis; Support vector machine classification; Support vector machines; Testing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Neural Networks, 2003. Proceedings of the International Joint Conference on
ISSN :
1098-7576
Print_ISBN :
0-7803-7898-9
Type :
conf
DOI :
10.1109/IJCNN.2003.1223677
Filename :
1223677