Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Roberto Perdisci Articles by Guofei Gu Articles by Wenke Lee

Sixth IEEE International Conference on Data Mining (ICDM'06)

Hong Kong

December 18-December 22

ISBN: 0-7695-2701-9

	ASCII Text	x
	Roberto Perdisci, Guofei Gu, Wenke Lee, "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems," Data Mining, IEEE International Conference on, pp. 488-498, Sixth IEEE International Conference on Data Mining (ICDM'06), 2006.

	BibTex	x
	@article{ 10.1109/ICDM.2006.165, author = {Roberto Perdisci and Guofei Gu and Wenke Lee}, title = {Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems}, journal ={Data Mining, IEEE International Conference on}, volume = {0}, year = {2006}, issn = {1550-4786}, pages = {488-498}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDM.2006.165}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Data Mining, IEEE International Conference on TI - Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems SN - 1550-4786 SP488 EP498 A1 - Roberto Perdisci, A1 - Guofei Gu, A1 - Wenke Lee, PY - 2006 KW - null VL - 0 JA - Data Mining, IEEE International Conference on ER -

Roberto Perdisci, University of Cagliari, Italy; Georgia Institute of Technology, USA

Guofei Gu, Georgia Institute of Technology, USA

Wenke Lee, Georgia Institute of Technology, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDM.2006.165

Unsupervised or unlabeled learning approaches for network anomaly detection have been recently proposed. In particular, recent work on unlabeled anomaly detection focused on high speed classification based on simple payload statistics. For example, PAYL, an anomaly IDS, measures the occurrence frequency in the payload of n-grams. A simple model of normal traffic is then constructed according to this description of the packets? content.

It has been demonstrated that anomaly detectors based on payload statistics can be "evaded" by mimicry attacks using byte substitution and padding techniques. In this paper we propose a new approach to construct high speed payload-based anomaly IDS intended to be accurate and hard to evade. We propose a new technique to extract the features from the payload. We use a feature clustering algorithm originally proposed for text classification problems to reduce the dimensionality of the feature space. Accuracy and hardness of evasion are obtained by constructing our anomaly-based IDS using an ensemble of one-class SVM classifiers that work on different feature spaces.

Citation:

Roberto Perdisci, Guofei Gu, Wenke Lee, "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems," icdm, pp.488-498, Sixth IEEE International Conference on Data Mining (ICDM'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.