A hybrid intrusion detection system

Author: Yanxin Wang

DOI: 10.31274/RTD-180813-112

Abstract: Anomaly intrusion detection normally has high false alarm rates, and a volume of alarms will prevent system administrators identifying the real attacks. Machine learning methods provide an effective way to decrease rate improve anomaly detection. In this research, we propose novel approach using kernel Support Vector (SVM) for improving detectors' accuracy. Two kernels, STIDE Markov Chain kernel, are developed specially applications. The experiments show based two class SVM detectors have better accuracy than original detectors. Generally, approaches build normal profiles from labeled training data. However, data is expensive not easy obtain. We approach, one SVM, that does need To further increase lower rate, integrating specification with also proposed. This research establish platform which generates automatically both misuse software agents. our method, SIFT representing converted Colored Petri Net (CPNs) template, subsequently, CPN compiled into code agents compiler dynamically loaded launched On other hand, model profile generated data, agent carries By engaging agents, can detect known attacks as well unknown
