Inductive intrusion detection in flow-based network data using One-Class Support Vector Machines

Research output: Chapter in Book/Report/Conference proceedings, Conference contribution, peer-reviewed

82 Citations (Scopus)

Abstract

Despite extensive research effort, ordinary anomaly detection systems still suffer from serious drawbacks such as high false alarm rates due to the enormous variety of network traffic. Also, increasingly fast network speeds pose performance problems for systems based on deep packet inspection. In this paper, we address these problems by proposing a novel inductive network intrusion detection system. The system operates on lightweight network flows and uses One-Class Support Vector Machines for analysis. In contrast to traditional anomaly detection systems, the system is trained with malicious rather than with benign network data. The system is suited to the load of large-scale networks and is less affected by the typical problems of ordinary anomaly detection systems. Evaluations brought satisfying results which indicate that the proposed approach is interesting for further research and perfectly complements traditional signature-based intrusion detection systems.

Original language: English
Title of host publication: 2011 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 - Proceedings
Publisher: IEEE
ISBN (Print): 9781424487042
DOIs
Publication status: Published - 2011
Event: 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 - Paris, France
Duration: 7 Feb 2011 to 10 Feb 2011

Publication series

Name: 2011 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 - Proceedings

Conference

Conference: 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011
Country/Territory: France
City: Paris
Period: 07.02.2011 to 10.02.2011

Keywords

  • Machine learning
  • Netflow
  • Network intrusion detection
  • Support vector machine
