2010
DOI: 10.1007/s10922-010-9165-x

Intrusion Detection by Ellipsoid Boundary

Abstract: This paper presents a novel approach to describe the normal behavior of computer networks (as used in IDS) based on Support Vector Data Description (SVDD). In the proposed method we find a minimal hyper-ellipse around the normal objects in the input space. Hyper-ellipse can be expanded in high dimensional space (ESVDD) or to be used as a preprocessing in SVDD method (PESVDD) to obtain better results for IDS. KDD-cup99 has been used as data set for test of the proposed method. The overall experiments show promi…

Cited by 10 publications (12 citation statements)
References 17 publications
“…11) Minimum probability: Like minimum support, this is a probability threshold for mutually dependent items to be considered interesting, for instance, in verifying custom-defined m-patterns in an approach to isolating failures based on items infrequency. 12) Slack variable, ξ: In an intrusion detection approach based on ellipsoid [98], a slack variable was introduced to penalize large distances from hyper-ellipses. 13) Similarity: When jobs are similar but have occurred in different nodes at the same time, they are considered to be spatially correlated [70].…”
Section: Measures Of Interestingness (mentioning)
confidence: 99%
“…This model may be subject to misclassification for newly emerging attacks by creating a decision boundary including the unobserved area [2]. To overcome this problem, one-class SVM (e.g., SVDD) and its variations have been implemented in AID [7][8][9][10][11]. It is possible to find the decision boundary of the normal class for AID because the training result is not affected by data instances from the abnormal class and does not include the unobserved area.…”
Section: Anomaly Intrusion Detection (mentioning)
confidence: 99%
“…With anomaly detection, one class of data is regarded as the target class, and the remaining data is classified as an outlier (or anomalous data). Because the other class of data might be available only with difficulty, and because only the normal class of data is easy to obtain in general, one-class classification methods are recently adopted for anomaly detection [6][7][8][9][10][11]. One of the best-known support vector learning methods for anomaly detection (i.e., one-class SVM) is the support vector data description (SVDD) [12].…”
Section: Introduction (mentioning)
confidence: 99%