An Anomaly Detection Model Based on One-Class SVM to Detect Network Intrusions
Authors: Ming Zhang, Boyi Xu, Jie Gong
Venue: 2015 11th International Conference on Mobile Ad-hoc and Sensor Networks (MSN)
Publication date: 2015-12-16
DOI: 10.1109/MSN.2015.40 (https://doi.org/10.1109/MSN.2015.40)
Citation count: 41 (platform: Semanticscholar)
Intrusion detection occupies a decisive position in solving network security problems. Support Vector Machines (SVMs) are one of the widely used intrusion detection techniques. However, the commonly used two-class SVM algorithms face difficulties in constructing the training dataset. That is because in many real application scenarios, normal connection records are easy to obtain, but attack records are not. We propose an anomaly detection model based on One-class SVM to detect network intrusions. The one-class SVM adopts only normal network connection records as the training dataset. But after being trained, it is able to distinguish normal records from various attacks. This just meets the requirements of anomaly detection. Experimental results on the KDDCUP99 dataset show that, compared to Probabilistic Neural Network (PNN) and C-SVM, our anomaly detection model based on One-class SVM achieves higher detection rates and yields better average performance in terms of precision, recall and F-value.