Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection

Tayeb Kenaza, Abdenour Labed, Yacine Boulahia, Mohcen Sebehi

2015

Abstract

During the last decade, support vector data description (SVDD) has been used by researchers to develop anomaly-based intrusion detection systems (IDS), with the ultimate objective of designing new, efficient IDS that achieve higher detection rates together with lower false-alert rates. However, most of these systems are evaluated over a short period without considering the dynamic nature of the monitored environment; their long-term behavior, i.e. after a long period of deployment, is never tested. In this paper, we propose an adaptive SVDD-based learning approach that aims at continuously enhancing the performance of the SVDD classifier by refining the training dataset. The approach consists of having an expert periodically evaluate the classifier; the expert's feedback, in terms of false positives and confirmed attacks, is then used to update the training dataset. Experiments using both a refined training dataset and a compromised dataset (a dataset with mislabeling) have shown promising results.



Paper Citation


in Harvard Style

Kenaza T., Labed A., Boulahia Y. and Sebehi M. (2015). Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 405-412. DOI: 10.5220/0005573204050412


in Bibtex Style

@conference{secrypt15,
author={Tayeb Kenaza and Abdenour Labed and Yacine Boulahia and Mohcen Sebehi},
title={Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={405-412},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005573204050412},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection
SN - 978-989-758-117-5
AU - Kenaza T.
AU - Labed A.
AU - Boulahia Y.
AU - Sebehi M.
PY - 2015
SP - 405
EP - 412
DO - 10.5220/0005573204050412