An Enhanced Support Vector Machine Model for Intrusion Detection


An Enhanced Support Vector Machine Model for Intrusion Detection
J. T. Yao, S. L. Zhao, L. Fan
Department of Computer Science, University of Regina
jtyao@cs.uregina.ca

Intrusion Detection Systems
- Intrusion detection: the art of detecting inappropriate, incorrect, or anomalous activity.
- Intrusion detection systems: a set of processes, procedures, tools, software, hardware and databases having intrusion detection technologies that fit together.
- Misuse: attack originates from the internal network.
- Intrusion: attacks from the outside.
9/16/2018 J T Yao: Detection

IDS Functional Components
- Information Source: provides a stream of event records.
- Analysis Engine: analyzes event records and detects intrusion.
- Decision Maker: decides the reactions for intrusions.

Detection Methods
- Misuse detection: detecting intrusion by known intrusion signatures.
- Anomaly detection: mining normal event patterns from event records, then using these patterns to classify normal and intrusion events.

Candidate AI Techniques
- Expert Systems
- Hidden Markov Model
- Fuzzy logic
- Classification
- Support Vector Machines (SVM)

Support Vector Machines
- A machine learning method based on statistical learning theories.
- Classifies data by a set of support vectors that represent data patterns.
- Finds a discriminant function that classifies new data.

Benefits of Using SVM
- Good generalization ability
- Capability of handling a large number of features

Problem of SVM on IDS
- All features are treated equally
  - Noise features (some features cause noise during classification)
  - Redundant features
- High feature numbers affect performance
  - Training process
  - Detection process

Thoughts of Solution
- Reducing the number of features while keeping the useful information
- Calculating the importance of features
- Treating features differently based on their importance

An Enhanced SVM Model
- Use rough sets to calculate reducts
- Calculate feature weights from reducts
- Remove redundant features based on weights
- Apply weights to the SVM kernel

Calculate Weights from Reducts
The principles of calculation are:
- If a feature is not in any reduct, its weight = 0.
- The more times a feature appears in reducts, the more important the feature is.
- The fewer the number of features in a reduct, the more important these features are.

Apply Weights to Kernel Function
The training result of SVM is where is the number of training records, is the Lagrange multipliers, is the label associated with the training data, is a constant, is the kernel function and is called a set of Support Vectors, is a bias term.
Weight w is a diagonal matrix

Weights Independent of Kernel Functions
- Weights could be applied to any known kernel function.
- Restrict W > 0 to make sure the enhanced kernel function satisfies Mercer’s condition.
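The slides on calculating weights from reducts and applying them to the kernel give only principles; the formulas themselves are missing from this transcript. The following is an added example, not the authors' code: it assumes a scoring rule of 1/|reduct| per occurrence and an RBF kernel evaluated on inputs scaled by the diagonal weight matrix, and the function names and sample reducts are constructed for illustration.

```python
import math

def feature_weights(reducts, n_features):
    """Score features from rough-set reducts (scoring formula is an assumption).

    Each reduct adds 1/len(reduct) to every feature it contains, so a feature
    gains weight by appearing in more reducts and in shorter ones; a feature
    in no reduct keeps weight 0. Scores are scaled so the maximum is 1.
    """
    scores = [0.0] * n_features
    for reduct in reducts:
        if not reduct:
            continue  # an empty reduct carries no information
        for i in reduct:
            scores[i] += 1.0 / len(reduct)
    top = max(scores)
    return [s / top for s in scores] if top > 0 else scores

def kept_features(weights):
    """Indices that survive reduction: zero-weight features are dropped."""
    return [i for i, w in enumerate(weights) if w > 0]

def weighted_rbf(x, z, weights, gamma):
    """RBF kernel on W*x and W*z, with W = diag(weights) over kept features."""
    d2 = sum((weights[i] * (x[i] - z[i])) ** 2 for i in kept_features(weights))
    return math.exp(-gamma * d2)

# Constructed reducts over six features (indices 0..5); not from the paper.
REDUCTS = [{0, 2}, {0, 3, 4}, {0, 2, 5}]
WEIGHTS = feature_weights(REDUCTS, 6)

if __name__ == "__main__":
    # Constructed records; feature 1 is in no reduct, so it cannot affect K.
    a = [0.2, 9.0, 0.5, 0.1, 0.0, 1.0]
    b = [0.2, -3.0, 0.9, 0.1, 0.0, 0.0]
    print("weights:", [round(w, 3) for w in WEIGHTS])
    print("kept   :", kept_features(WEIGHTS))
    print("K(a,b) :", round(weighted_rbf(a, b, WEIGHTS, gamma=0.5), 4))
```

Once zero-weight features are dropped, every remaining diagonal entry of W is positive, which matches the W > 0 restriction on the slide.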

Experiment Procedures

Experiment Data Set
- KDD (Knowledge Discovery in Databases) Cup 1999 data set.
- Feature-value format.
- 41 features for each record.
- Original data set contains 744 MB data with 4,940,000 connection records.

Experiment Data Set 2
- UNM (University of New Mexico) data set.
- Sequence-based.
- Generates a trace each time a user accesses a certain UNIX process.

KDD training results of conventional SVM with different values of gamma (table 1)
Training record #: 50,000
Feature #: 41
Kernel type: RBF

|                | Exp1  | Exp2  | Exp3  |
|----------------|-------|-------|-------|
| Value of       |       |       |       |
| Generated SV # | 6,948 | 1,868 | 1,057 |

KDD test results of conventional SVM with different values of gamma (table 2)
Test record #: 10,000
Feature #: 41

|                    | Exp1   | Exp2   | Exp3   |
|--------------------|--------|--------|--------|
| Value of           |        |        |        |
| # of misclassified | 44     | 63     | 211    |
| Accuracy           | 99.56% | 99.37% | 97.89% |
| False Positive #   | 37     | 52     | 176    |
| False Negative #   | 7      | 11     | 35     |
| CPU seconds        | 49.53  | 11.34  | 8.32   |

Comparisons of the experimental results on the KDD dataset (table 3)
Test Result, CPU
Test set 1
  Conventional SVM: 10,000 41 99.82 7.69 222.28
  Enhanced SVM: 16 99.86 6.39 77.63
  Improvement: 60.0% 0.4% 16.9% 66.0%
Test set 2
  Conventional SVM: 99.80 8.25 227.03
  Enhanced SVM: 99.85 6.91 78.93
  Improvement: 0.5% 16.2% 65.0%
Test set 3
  Conventional SVM: 99.88 7.45 230.27
  Enhanced SVM: 99.91 5.49 77.85
  Improvement: 60% 0.3% 26.3%

Comparisons of the experimental results on the UNM lpr dataset (table 4)
Test Result, CPU
Test set 1
  Conventional SVM: 2,000 467 100 1.62
  Enhanced SVM: 9 0.28
  Improvement: 98% 83%
Test set 2: 1.71 0.29
Test set 3: 1.59 0.25 84%

Experiment Results
- Larger value of results a larger number of Support Vectors generated.
- A larger number of SVs results in higher detection accuracy and higher computation costs.
- The improvement of the enhanced SVM is consistent for all six test sets.

Experiment Results 2
- Enhanced SVM outperforms the conventional SVM in precision, false negative rate and CPU time for the KDD dataset.
- Enhanced SVM is 80% faster for the lpr dataset.

Experiment Results
- Although generated from a small training set, the decision boundary is consistent for the whole data set.
- The test results show little difference between the small and the full-size training set, which proves the good generalization ability of SVM.

Conclusion
- An enhanced SVM model is introduced.
- Features are reduced and weighted.
- It has good generalization ability.
- It has better performance in two experiments.
