Architecture of Computer Intrusion Detection Based on Partially Ordered Events

Author(s): Liberios Vokorokos, Anton Balaz

Author(s): MIKE FUGATE, JAMES R. GATTIKER

This paper describes experiences and results applying Support Vector Machine (SVM) to a Computer Intrusion Detection (CID) dataset. First, issues in supervised classification are discussed, then the incorporation of anomaly detection to enhance the modeling and prediction of cyber-attacks. SVM methods are seen as competitive with benchmark methods and other studies, and are used as a standard for the anomaly detection investigation. The anomaly detection approaches compare one-class SVMs with a thresholded Mahalanobis distance to define support regions. Results compare the performance of the methods and investigate joint performance of classification and anomaly detection. The dataset used is the publicly available DARPA/KDD-99 dataset of features from network packets, classified into nonattack and four attack categories.

