TY - GEN
T1 - Inductive intrusion detection in flow-based network data using One-Class Support Vector Machines
AU - Winter, Philipp
AU - Hermann, Eckehard
AU - Zeilinger, Markus
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2011
Y1 - 2011
N2 - Despite extensive research effort, ordinary anomaly detection systems still suffer from serious drawbacks such as high false alarm rates due to the enormous variety of network traffic. Also, increasingly fast network speeds pose performance problems to systems which are based upon deep packet inspection. In this paper, we address these problems by proposing a novel inductive network intrusion detection system. The system operates on lightweight network flows and uses One-Class Support Vector Machines for analysis. In contrast to traditional anomaly detection systems, the system is trained with malicious rather than with benign network data. The system is suited for the load of large-scale networks and is less affected by typical problems of ordinary anomaly detection systems. Evaluations brought satisfying results which indicate that the proposed approach is interesting for further research and perfectly complements traditional signature-based intrusion detection systems.
AB - Despite extensive research effort, ordinary anomaly detection systems still suffer from serious drawbacks such as high false alarm rates due to the enormous variety of network traffic. Also, increasingly fast network speeds pose performance problems to systems which are based upon deep packet inspection. In this paper, we address these problems by proposing a novel inductive network intrusion detection system. The system operates on lightweight network flows and uses One-Class Support Vector Machines for analysis. In contrast to traditional anomaly detection systems, the system is trained with malicious rather than with benign network data. The system is suited for the load of large-scale networks and is less affected by typical problems of ordinary anomaly detection systems. Evaluations brought satisfying results which indicate that the proposed approach is interesting for further research and perfectly complements traditional signature-based intrusion detection systems.
KW - Machine learning
KW - Netflow
KW - Network intrusion detection
KW - Support vector machine
UR - http://www.scopus.com/inward/record.url?scp=79952826624&partnerID=8YFLogxK
U2 - 10.1109/NTMS.2011.5720582
DO - 10.1109/NTMS.2011.5720582
M3 - Conference contribution
SN - 9781424487042
T3 - 2011 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 - Proceedings
BT - 2011 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 - Proceedings
PB - IEEE
T2 - 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011
Y2 - 7 February 2011 through 10 February 2011
ER -