Fig. 1. A flowchart of the proposed method
Fig. 2. A graph of TPR and FPR for known attack types
Fig. 3. A graph of FP and TN for new attack types
Fig. 4. Performance comparison of one-class SVM (LibSVM) and Hempstalk’s one-class classifier
Table 1. Attack types of KDD 1999 dataset
Table 2. Attack types of training dataset
Table 3. Attack types of test dataset
Table 4. Confusion matrix [20]
Table 5. The measures used in the proposed method
Table 6. TPR, FPR, accuracy, F1-score of one-class SVM according to nu parameter.
Table 7. Results of one-class SVM according to nu parameter.
Table 8. Results of Hempstalk’s one-class classifier
References
- B. Mukherjee, L. T. Heberlein, & K. N. Levitt. (1994). Network intrusion detection. IEEE Network, 8(3), 26-41. https://doi.org/10.1109/65.283931
- P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, & E. Vazquez. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28(1-2), 18-28. https://doi.org/10.1016/j.cose.2008.08.003
- S. S. Khan & M. G. Madden. (2009). A survey of recent trends in one class classification. In Irish Conference on Artificial Intelligence and Cognitive Science, 188-197. Springer, Berlin, Heidelberg.
- G. Ratsch, S. Mika, B. Scholkopf, & K. R. Muller. (2002). Constructing boosting algorithms from SVMs: an application to one-class classification. IEEE Transactions on Pattern Analysis and Machine Intelligence, 24(9), 1184-1199. https://doi.org/10.1109/TPAMI.2002.1033211
- K. L. Li, H. K. Huang, S. F. Tian, & W. Xu. (2003, November). Improving one-class SVM for anomaly detection. In Machine Learning and Cybernetics, 2003 International Conference on, 5, 3077-3081. IEEE.
- G. Giacinto, R. Perdisci, M. Del Rio, & F. Roli. (2008). Intrusion detection in computer networks by a modular ensemble of one-class classifiers. Information Fusion, 9(1), 69-82. https://doi.org/10.1016/j.inffus.2006.10.002
- I. Kang, M. K. Jeong, & D. Kong. (2012). A differentiated one-class classification method with applications to intrusion detection. Expert Systems with Applications, 39(4), 3899-3905. https://doi.org/10.1016/j.eswa.2011.06.033
- J. H. Seo. (2018). Detection of Car Hacking Using One Class Classifier. Journal of the Korea Convergence Society, 9(6), 33-38. https://doi.org/10.15207/JKCS.2018.9.6.033
- L. Portnoy, E. Eskin, & S. Stolfo. (2001). Intrusion detection with unlabeled data using clustering. In Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001).
- L. M. Manevitz & M. Yousef. (2001). One-class SVMs for document classification. Journal of Machine Learning Research, 2, 139-154.
- J. H. Seo. (2018). Feature Selection for Anomaly Detection Based on Genetic Algorithm. Journal of the Korea Convergence Society, 9(7), 1-7. https://doi.org/10.15207/JKCS.2018.9.7.001
- J. G. Kang, J. Y. Lee, & Y. Y. You. (2017). A Study on Implementation of Fraud Detection System (FDS) Applying BigData Platform. Journal of the Korea Convergence Society, 8(4), 19-24. https://doi.org/10.15207/JKCS.2017.8.4.019
- M. M. Moya & D. R. Hush. (1996). Network constraints and multi-objective optimization for one-class classification. Neural Networks, 9(3), 463-474. https://doi.org/10.1016/0893-6080(95)00120-4
- D. M. J. Tax. (2001). One-class classification: concept-learning in the absence of counter-examples [Ph. D. thesis]. Delft University of Technology, Stevinweg, The Netherlands.
- K. Hempstalk, E. Frank, & I. H. Witten. (2008, September). One-class classification by combining density and class probability estimation. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases, 505-519. Springer, Berlin, Heidelberg.
- S. S. Khan & M. G. Madden. (2014). One-class classification: taxonomy of study and review of techniques. The Knowledge Engineering Review, 29(3), 345-374. https://doi.org/10.1017/S026988891300043X
- P. Nader, P. Honeine, & P. Beauseroy. (2014). lp-norms in One-Class Classification for Intrusion Detection in SCADA Systems. IEEE Transactions on Industrial Informatics, 10(4), 2308-2317. https://doi.org/10.1109/TII.2014.2330796
- KDD Cup 1999 Data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
- WEKA, https://www.cs.waikato.ac.nz/ml/weka/
- Confusion matrix, https://en.wikipedia.org/wiki/Confusion_matrix
- C. Zhou & R. C. Paffenroth. (2017). Anomaly detection with robust deep autoencoders. In Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 665-674.
- H. Moeini & F. M. Torab. (2017). Comparing compositional multivariate outliers with autoencoder networks in anomaly detection at Hamich exploration area, east of Iran. Journal of Geochemical Exploration, 180, 15-23. https://doi.org/10.1016/j.gexplo.2017.05.008
- Y. T. K. Lai, J. S. Hu, Y. H. Tsai, & W. Y. Chiu. (2018). Industrial Anomaly Detection and One-class Classification using Generative Adversarial Networks. In 2018 IEEE/ASME International Conference on Advanced Intelligent Mechatronics (AIM), 1444-1449.