Capture the drifting of normal behavior traces for adaptive intrusion detection using modified SVMS

Author

Zhang, Zong-Hua ; Shen, Hong

Author_Institution

Graduate Sch. of Inf. Sci., Japan Adv. Inst. of Sci. & Technol., Ishikawa, Japan

Volume

5

fYear

2004

fDate

26-29 Aug. 2004

Firstpage

3046

Abstract

To capture the drifting of normal behavior traces for suppressing false alarms of intrusion detection, an adaptive intrusion detection system AID with incremental learning ability is proposed in this paper. A generic framework, including several important components, is discussed in details. One-class support vector machine is modified as the kernel algorithm of AID, and the performance is evaluated using reformulated 1998 DARPA BSM data set. The experimental results indicate that the modified SVMs can be trained in a incremental way, and the performance outperform that of the original ones with fewer support vectors (SVs) and less training time without decreasing detection accuracy. Both of these achievements benefit an adaptive intrusion detection system significantly.

Keywords

adaptive systems; learning (artificial intelligence); security of data; support vector machines; DARPA BSM data set; adaptive intrusion detection system; false alarm suppression; incremental learning; kernel algorithm; modified SVM; support vector machine; Adaptive systems; Authentication; Authorization; Cryptography; Detectors; Information science; Intrusion detection; Kernel; Machine learning; Support vector machines;

fLanguage

English

Publisher

ieee

Conference_Titel

Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference on

Print_ISBN

0-7803-8403-2

Type

conf

DOI

10.1109/ICMLC.2004.1378555

Filename

1378555