Anomaly Intrusion Detection Based on Hyper-ellipsoid in the Kernel Feature Space
Lee, Hansung (SW.Content Research Laboratory, ETRI)
Moon, Daesung (SW.Content Research Laboratory, ETRI)
Kim, Ikkyun (SW.Content Research Laboratory, ETRI)
Jung, Hoseok (Computer and Information Section, KRIBB)
Park, Daihee (Dept. of Computer and Information Science, Korea University)
1 | V. Chandola, A. Banerjee, V. Kumar, "Anomaly detection: A survey," ACM Computing Survey, vol.41, no.3, pp.15, 2009.
2 | H. Lee, J. Song, D. Park, "Intrusion detection system based on multi-class SVM," in Proc. of RSFDGrC, LNAI 3642, pp.511-519, 2005.
3 | J. Yu, H. Lee, M. Kim, D. Park, "Traffic flooding attack detection with SNMP MIB using SVM," Computer Communications, vol.31, no.17, pp.4212-4219, 2008.
4 | S. Parsa and S.A. Naree, "A new semantic kernel function for online anomaly detection of software," ETRI Journal, vol.34, no.2, pp.288-291, 2012.
5 | M. Kloft, P. Laskov, "Security analysis of online centroid anomaly detection," JMLR, vol.13, pp.3681-3724, 2012.
6 | A. Banerjee, P. Burlina, R. Meth, "Fast hyperspectral anomaly detection via SVDD," in Proc. of ICIP, vol.4, pp.101-104, Sep. 16-19, 2007.
7 | L. Jiaomin, W. Zhenzhou, F. Xinchun, W. Jing, "Intrusion detection technology based on SVDD," in Proc. of ICINIS, pp.15-18, 2009.
8 | S.M. Guo, L.C. Chen, J.S.H. Tsai, "A boundary method for outlier detection based on support vector domain description," Pattern Recognition, vol.42, no.1, pp.77-83, 2009.
9 | I. Kang, M.K. Jeong, D. Kong, "A differentiated one-class classification method with applications to intrusion detection," Expert System with Applications, vol.39, no.4, pp.3899-3905, 2012.
10 | M. GhasemiGol, R. Monsefi, and H.S. Yazdi, "Intrusion detection by new data description method," in Proc. of ISMS, pp.1-5, 2010.
11 | M. GhasemiGol, R. Monsefi, H.S. Yazdi, "Intrusion detection by ellipsoid boundary," J. Netw. Syst. Manage, vol.18, no.3, pp.265-282, 2010.
12 | J. Park, J. Kim, H. Lee, D. Park, "One-class support vector learning and linear matrix inequalities," IJFIS, vol.3, no.1, 2003.
13 | M. GhasemiGol, R. Monsefi, H.S. Yazdi, "Ellipse support vector data description," in Proc. of EANN, CCIS 43, pp.257-268, 2009.
14 | D. Wang, D.S. Yeung, E.C.C. Tsang, "Structured one-class classification," IEEE Trans. Syst., Man, Cybern. B, vol.36, no.6, pp.1283-1295, 2006.
15 | S. Rajasegarar, C. Leckie, J. C. Bezdek, M. Palaniswami, "Centered hyperspherical and hyperellipsoidal one-class support vector machines for anomaly detection in sensor networks," IEEE Trans. Inf. Forensics Security, vol.5, no.3, pp.518-533, 2010.
16 | P. G.-Teodoro, J. D.-Verdejo, G. M.-Fernandez, and E. Vazquez, "Anomaly-based network intrusion detection: Techniques, systems and challenge," Computers & Security, vol.28, no.1-2, pp.18-28, 2009.
17 | R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, S. Zhou, "Specification-based anomaly detection: a new approach for detecting network intrusions," in Proc. of ACM CCS, pp.265-274, 2002.
18 | Y. Yu and H. Wu, "Anomaly intrusion detection based upon data mining techniques and fuzzy logic," in Proc. of IEEE SMC, pp.514-517, 2012.
19 | C. Kruegel, F. Valeur, G. Vigna, R. Kemmerer, "Stateful intrusion detection for high-speed networks," in Proc. of IEEE Symp. On Security and Privacy, pp.285-293, 2002.
20 | M. Ramadas, S. Ostermann, B. Tjaden, "Detecting anomalous network traffic with self-organizing maps," in Proc. of RAID, LNCS 2820, pp.36-54, 2003.
21 | M.S. Hoque, M.A. Mukit, and M.A.N. Bikas, "An implementation of intrusion detection system using genetic algorithm," IJNSA, vol.4, no.2, pp.109-120, 2012.
22 | Z. Mingqiang, H. Hui, W. Qian, "A graph-based clustering algorithm for anomaly intrusion detection," in Proc. of ICCSE, pp.1311-1314, 2012.
23 | H. Lee, Y. Chung, D. Park, "An adaptive intrusion detection algorithm based on clustering and kernel-method," in Proc. of PAKDD, LNAI 3918, pp.603-610, 2006.
24 | J.S.-Taylor, N. Cristianini, "Kernel Methods for Pattern Analysis," pp.143-155, 2004.
25 | B. Scholkopf, A. Smola, K.-R. Muller, "Kernel principal component analysis," in Proc. of ICANN, LNCS 1327, pp.583-588, 1997.
26 | D.M.J. Tax, P. Juszczak, "Kernel whitening for one-class classification," in Pattern Recognition with Support Vector Machines, LNCS 2388, pp.40-52, 2002.
27 | S. Boyd and L. Vandenberghe, "Convex optimization," Cambridge Univ, 2004.
28 | H. Hindi, "A tutorial on convex optimization," in Proc. of American Control Conference, vol.4, pp.3252-3265, 2004. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.325.9447
29 | P. Kumar, E.A. Yildirim, "Minimum volume enclosing ellipsoids and core set," Journal of Optimization Theory and Applications, vol.126, no.1, pp.1-21, 2005.
30 | P. Sun, R.M. Freund, "Computation of minimum volume covering ellipsoids," Operations Research, vol.52, no.5, pp.690-706, 2004.
31 | L. Khachiyan, "Rounding of polytopes in the real number model of computation," Mathematics of Operations Research, vol.21, no.2, pp.307-320, 1996.
32 | UCI KDD Archive. KDD Cup 1999 Data. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
33 | D.M.J. Tax, Data description toolbox (Dd_tools), 2013. Available: http://prlab.tudelft.nl/david-tax/dd_tools.html
34 | R. Kohavi, F. Provost, "Glossary of terms," Machine Learning, vol.30, no.2/3, pp.271-274, 1998.
35 | E. Eskin, A. Arnold, M. Prerau, L. Portnoy, S. Stolfo, "A geometric framework for unsupervised anomaly detection," in Applications of Data Mining in Computer Security, pp.77-101, 2002.
36 | D. Dittrich, Distributed denial of service (DDoS) attacks/tools. Available: http://staff.washington.edu/dittrich/misc/ddos/
37 | N. Moshtagh, "Minimum volume enclosing ellipsoids," GRASP Lab., Univ. of Pennsylvania, 2005.
38 | D.M.J. Tax, R.P.W. Duin, "Support vector data description," Machine Learning, vol.54, no.1, pp.45-66, 2004.
39 | J.M. E.-Tapiador, P.G. Teodoro, J.E.D.-Verdejo, "Detection of web-based attacks through Markovian protocol parsing," in Proc. of ISCC, pp.457-462, 2005.