Inductive intrusion detection in flow-based network data using One-Class Support Vector Machines

2011 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 - Proceedings

Volumn , Issue , 2011, Pages

  Winter, Philipp ^a   Hermann, Eckehard ^a   Zeilinger, Markus ^a  

^a UNIVERSITY OF APPLIED SCIENCES UPPER AUSTRIA   (Austria)

Author keywords

Machine learning; Netflow; Network intrusion detection; Support vector machine

Indexed keywords

ANOMALY DETECTION SYSTEMS; DEEP PACKET INSPECTION; FALSE ALARM RATE; INTRUSION DETECTION SYSTEMS; LARGE-SCALE NETWORK; MACHINE-LEARNING; NETFLOW; NETWORK DATA; NETWORK FLOWS; NETWORK INTRUSION DETECTION; NETWORK INTRUSION DETECTION SYSTEMS; NETWORK SPEED; NETWORK TRAFFIC; ONE-CLASS SUPPORT VECTOR MACHINE; PERFORMANCE PROBLEMS; RESEARCH EFFORTS;

ALARM SYSTEMS; COMPUTER CRIME; GEARS; SUPPORT VECTOR MACHINES; VECTORS;

INTRUSION DETECTION;

EID: 79952826624     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NTMS.2011.5720582     Document Type: Conference Paper

References (20)

1. Y. Gao, Z. Li, and Y. Chen, "A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks," in Proc. of the 26th IEEE International Conference on Distributed Computing Systems (ICDCS '06), Washington, DC, USA, 2006, p. 39.
2. A. Karasaridis, B. Rexroad, and D. Hoeflin, "Wide-scale botnet detection and characterization," in Proc. of the first conference on Hot Topics in Understanding Botnets (HotBots '07), Berkeley, CA, USA, 2007, p. 7.
3. A. Shahrestani, M. Feily, R. Ahmad, and S. Ramadass, "Architecture for Applying Data Mining and Visualization on Network Flow for Botnet Traffic Detection," in Proc. of the International Conference on Computer Technology and Development (ICCTD '09), Washington, DC, USA, 2009, pp. 33-37.
4. C. Livadas, R. Walsh, D. Lapsley, and W. T. Strayer, "Using Machine Learning Techniques to Identify Botnet Traffic," in 2nd IEEE LCN Workshop on Network Security (WoNS '06), 2006, pp. 967-974.
5. A. Sperotto et al., "An Overview of IP Flow-Based Intrusion Detection," IEEE Communications Surveys Tutorials, vol. 12, no. 3, pp. 343-356, 2010.
6. R. P. Lippmann et al., "Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation," in Proc. of the DARPA Information Survivability Conference and Exposition, 2000, pp. 12-26.
7. J. McHugh, "Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory," ACM Transactions on Information and System Security, vol. 3, no. 4, pp. 262-294, 2000.
8. "KDD Cup 1999: General Information," 1999, http://www.sigkdd. org/kddcup/index.php?section=1999&method=info.
9. A. Sperotto, R. Sadre, F. Vliet, and A. Pras, "A Labeled Data Set for Flow-Based Intrusion Detection," in Proc. of the 9th IEEE International Workshop on IP Operations and Management (IPOM '09), Berlin, Heidelberg, 2009, pp. 39-50.
10. C. Gates and C. Taylor, "Challenging the anomaly detection paradigm: a provocative discussion," in Proc. of the 2006 workshop on New security paradigms (NSPW '06), New York, NY, USA, 2007, pp. 21-29. (Pubitemid 350239697)
11. R. Sommer and V. Paxson, "Outside the closed world: On using machine learning for network intrusion detection," in IEEE Symposium on Security and Privacy (S&P), May 2010, pp. 305-316.
12. B. Schölkopf et al., "Estimating the Support of a High-Dimensional Distribution," Neural Computation, vol. 13, no. 7, pp. 1443-1471, 2001. (Pubitemid 33595028)
13. C.-C. Chang and C.-J. Lin, LIBSVM: a library for support vector machines, 2001, software available at http://www.csie.ntu.edu.tw/~cjlin/libsvm.
14. L. Khan, M. Awad, and B. Thuraisingham, "A new intrusion detection system using support vector machines and hierarchical clustering," The VLDB Journal, vol. 16, no. 4, pp. 507-521, 2007.
15. "Grml," http://www.grml.org.
16. "tcpdump / libpcap," http://www.tcpdump.org.
17. "softflowd," http://www.mindrot.org/projects/softflowd/.
18. C.-W. Hsu, C.-C. Chang, and C.-J. Lin, "A Practical Guide to Support Vector Classification," 2000.
19. Q.-Z. Yao, J. Cai, and J.-L. Zhang, "Simultaneous Feature Selection and LS-SVM Parameters Optimization Algorithm Based on PSO," in Proc. of the WRI World Congress on Computer Science and Information Engineering (CSIE '09), Washington, DC, USA, 2009, pp. 723-727.
20. S.-W. Lin, T.-Y. Tseng, S.-C. Chen, and J.-F. Huang, "A SA-Based Feature Selection and Parameter Optimization Approach for Support Vector Machine," in IEEE International Conference on Systems, Man and Cybernetics (SMC '06), vol. 4, 2006, pp. 3144-3145.