• DocumentCode
    183178
  • Title
    Evaluating host-based anomaly detection systems: Application of the one-class SVM algorithm to ADFA-LD
  • Author
    Miao Xie ; Jiankun Hu ; Slay, Jill
  • Author_Institution
    Sch. of Eng. & Inf. Technol., Univ. of New South Wales at the Australian Defence Force Acad., Canberra, ACT, Australia
  • fYear
    2014
  • fDate
    19-21 Aug. 2014
  • Firstpage
    978
  • Lastpage
    982
  • Abstract
    ADFA-LD is a recently released data set for evaluating host-based anomaly detection systems, aiming to substitute the existing benchmark data sets which have failed to reflect the characteristics of modern computer systems. In a previous work, we had attempted to evaluate ADFA-LD with a highly efficient frequency model but the performance is inferior. In this paper, we focus on the other typical technical category that detects anomalies with a short sequence model. In collaboration with the one-class SVM algorithm, a novel anomaly detection system is proposed for ADFA-LD. The numerical experiments demonstrate that it can not only achieve a satisfactory performance, but also reduce the computational cost largely.
  • Keywords
    Linux; security of data; support vector machines; ADFA Linux data set; ADFA-LD; benchmark data sets; computational cost reduction; computer system characteristics; host-based anomaly detection system evaluation; numerical analysis; one-class SVM algorithm; performance enhancement; short-sequence model; support vector machine; Computational modeling; Hidden Markov models; Intrusion detection; Kernel; Support vector machines; Training; Vectors;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Fuzzy Systems and Knowledge Discovery (FSKD), 2014 11th International Conference on
  • Conference_Location
    Xiamen
  • Print_ISBN
    978-1-4799-5147-5
  • Type
    conf
  • DOI
    10.1109/FSKD.2014.6980972
  • Filename
    6980972