Abstract
Cyber attacks have become more sophisticated, and existing countermeasures, e.g., Intrusion Detection Systems (IDS), no longer detect them reliably. Although anomaly-based IDS is considered a promising approach for detecting unknown attacks, it still lacks the ability to distinguish sophisticated attacks from trivial known ones. We therefore apply a multistage one-class Support Vector Machine (OC-SVM) to detect such serious attacks. At the first stage, two training data sets are retrieved from a traffic archive: one is used to train the OC-SVM, and attacks are then extracted from the other. Testing data from the real network are also examined by the same OC-SVM, and attacks are extracted. At the second stage, the attacks from the traffic archive are used to train another OC-SVM, and the attacks from the real network are analyzed with it. Finally, we obtain unknown attacks that are not stored in the archive.
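The two-stage procedure described in the abstract, as an added Python illustration (not code from the paper or its authors): stage 1 learns "normal" from archive set A and rejects outliers in archive set B and in live traffic; stage 2 learns "known attack" from the stage-1 outliers of set B and keeps only the live outliers it also rejects. The paper uses OC-SVM; to keep this runnable on the standard library alone, the detector below is a kernel-density (Parzen-window) one-class scorer with an OC-SVM-style nu threshold, which is an assumption of this example and not the authors' classifier. The two-dimensional features (communication interval, flow size), the three clusters and the seed are constructed data.

```python
import math
import random


class OneClassDetector:
    """Kernel-density one-class scorer used here as a stand-in for OC-SVM.

    fit() learns the support of a single class; is_outlier() rejects points
    whose mean RBF similarity to the training set falls below the nu-quantile
    of the training scores, mirroring OC-SVM's nu (fraction of training
    points allowed to lie outside the learned region).  Assumed, not the
    paper's classifier.
    """

    def __init__(self, gamma=0.5, nu=0.02):
        self.gamma = gamma        # RBF kernel width
        self.nu = nu              # tolerated fraction of training outliers
        self.train = []
        self.threshold = 0.0

    def score(self, x):
        """Mean RBF similarity of x to the training set (higher = more inside)."""
        total = 0.0
        for t in self.train:
            d2 = sum((a - b) ** 2 for a, b in zip(x, t))
            total += math.exp(-self.gamma * d2)
        return total / len(self.train)

    def fit(self, data):
        if not data:
            raise ValueError("cannot learn a class from zero samples")
        self.train = [tuple(x) for x in data]
        scores = sorted(self.score(x) for x in self.train)
        k = min(int(self.nu * len(scores)), len(scores) - 1)
        self.threshold = scores[k]
        return self

    def is_outlier(self, x):
        return self.score(x) < self.threshold


def multistage_detect(archive_a, archive_b, live, gamma=0.5, nu=0.02):
    """Two-stage pipeline from the abstract; live results are indices into `live`."""
    # Stage 1: archive set A defines "normal"; whatever it rejects is an attack.
    stage1 = OneClassDetector(gamma, nu).fit(archive_a)
    known_attacks = [x for x in archive_b if stage1.is_outlier(x)]
    live_attacks = [i for i, x in enumerate(live) if stage1.is_outlier(x)]
    # Stage 2: archived attacks define "known attack"; live attacks it rejects
    # resemble nothing in the archive, i.e. they are candidate unknown attacks.
    stage2 = OneClassDetector(gamma, nu).fit(known_attacks)
    unknown = [i for i in live_attacks if stage2.is_outlier(live[i])]
    return {"known_archive": len(known_attacks),
            "live_stage1": live_attacks,
            "unknown": unknown}


def cluster(rng, centre, spread, n):
    """Constructed 2-D feature vectors: (communication interval, flow size)."""
    return [tuple(c + rng.gauss(0.0, spread) for c in centre) for _ in range(n)]


def demo(seed=7):
    """Build constructed archive and live sets, run the pipeline, return labels."""
    rng = random.Random(seed)
    normal, known, unknown = (1.0, 1.0), (6.0, 6.0), (1.0, 7.0)
    archive_a = cluster(rng, normal, 0.3, 200)                       # clean archive traffic
    archive_b = cluster(rng, normal, 0.3, 150) + cluster(rng, known, 0.3, 80)
    live = (cluster(rng, normal, 0.3, 100) + cluster(rng, known, 0.3, 20)
            + cluster(rng, unknown, 0.3, 10))                        # unknown type absent from archive
    labels = ["normal"] * 100 + ["known"] * 20 + ["unknown"] * 10
    return multistage_detect(archive_a, archive_b, live), labels


if __name__ == "__main__":
    result, labels = demo()
    hits = [labels[i] for i in result["unknown"]]
    print(f"archived attacks learned at stage 2: {result['known_archive']}")
    print(f"live flows flagged at stage 1: {len(result['live_stage1'])}")
    print(f"unknown-attack candidates: {len(hits)} "
          f"({hits.count('unknown')} truly unknown, {hits.count('known')} known type, "
          f"{hits.count('normal')} normal)")
```

Stage 2 removes the live flows that resemble archived attacks; normal flows that slipped past stage 1 resemble no archived attack either, so they survive into the final set as a small residual of false positives. The trivial known attacks, which a single-stage anomaly detector would report alongside the serious ones, are what the second stage filters out.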
© 2014 Springer International Publishing Switzerland
Cite this paper
Araki, S., Yamaguchi, Y., Shimada, H., Takakura, H. (2014). Unknown Attack Detection by Multistage One-Class SVM Focusing on Communication Interval. In: Loo, C.K., Yap, K.S., Wong, K.W., Beng Jin, A.T., Huang, K. (eds) Neural Information Processing. ICONIP 2014. Lecture Notes in Computer Science, vol 8836. Springer, Cham. https://doi.org/10.1007/978-3-319-12643-2_40
DOI: https://doi.org/10.1007/978-3-319-12643-2_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12642-5
Online ISBN: 978-3-319-12643-2
eBook Packages: Computer Science, Computer Science (R0)