Title :
Inductive Intrusion Detection in Flow-Based Network Data Using One-Class Support Vector Machines
Author :
Winter, Philipp ; Hermann, Eckehard ; Zeilinger, Markus
Author_Institution :
Dept. of Secure Inf. Syst., Upper Austria Univ. of Appl. Sci., Hagenberg, Austria
Abstract :
Despite extensive research effort, ordinary anomaly detection systems still suffer from serious drawbacks such as high false alarm rates due to the enormous variety of network traffic. Also, increasingly fast network speeds pose performance problems to systems which base upon deep packet inspection. In this paper, we address these problems by proposing a novel inductive network intrusion detection system. The system operates on lightweight network flows and uses One-Class Support Vector Machines for analysis. In contrast to traditional anomaly detection systems, the system is trained with malicious rather than with benign network data. The system is suited for the load of large-scale networks and is less affected by typical problems of ordinary anomaly detection systems. Evaluations brought satisfying results which indicate that the proposed approach is interesting for further research and perfectly complements traditional signature-based intrusion detection systems.
Keywords :
computer network security; support vector machines; anomaly detection systems; deep packet inspection; flow-based network data; inductive network intrusion detection system; network traffic; one-class support vector machines; signature-based intrusion detection systems; IP networks; Intrusion detection; Optimization; Protocols; Support vector machines; Testing; Training;
Conference_Titel :
New Technologies, Mobility and Security (NTMS), 2011 4th IFIP International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4244-8705-9
Electronic_ISBN :
2157-4952
DOI :
10.1109/NTMS.2011.5720582
