Abstract
Due to the increase in unauthorized access and theft of internet resources, internet security has become a very significant issue. Network anomalies in particular can cause many potential problems, but they are difficult to distinguish from normal traffic. In this paper, we focus on a Support Vector Machine (SVM) and a genetic algorithm (GA) to detect anomalous network attacks. We first use the GA to choose the proper fields of traffic packets for analysis. Only the selected fields are used, and time-delay processing is applied to the SVM so that temporal relationships among packets are taken into account. To verify our approach, we tested our proposal on the MIT Lincoln Lab datasets and then analyzed its performance. Our SVM approach with selected fields showed excellent performance.
This work was supported by the Ministry of Information Communications, Korea, under the Information Technology Research Center Support Program supervised by the IITA.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shon, T., Seo, J., Moon, J. (2005). SVM Approach with a Genetic Algorithm for Network Intrusion Detection. In: Yolum, P., Güngör, T., Gürgen, F., Özturan, C. (eds) Computer and Information Sciences - ISCIS 2005. ISCIS 2005. Lecture Notes in Computer Science, vol 3733. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11569596_25
DOI: https://doi.org/10.1007/11569596_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29414-6
Online ISBN: 978-3-540-32085-2
eBook Packages: Computer Science, Computer Science (R0)