http://dx.doi.org/10.3837/tiis.2015.03.019

Anomaly Intrusion Detection Based on Hyper-ellipsoid in the Kernel Feature Space  

Lee, Hansung (SW.Content Research Laboratory, ETRI)
Moon, Daesung (SW.Content Research Laboratory, ETRI)
Kim, Ikkyun (SW.Content Research Laboratory, ETRI)
Jung, Hoseok (Computer and Information Section, KRIBB)
Park, Daihee (Dept. of Computer and Information Science, Korea University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.9, no.3, 2015, pp. 1173-1192
Abstract
The Support Vector Data Description (SVDD) has achieved great success in anomaly detection by directly finding the optimal ball, with a minimal radius and a center, that contains most of the target data. However, the SVDD has limited classification capability, because the hyper-sphere, even in feature space, can express only a limited region of the target class. This paper presents an anomaly detection algorithm that mitigates the limitations of the conventional SVDD by finding the minimum volume enclosing ellipsoid in the feature space. To evaluate the performance of the proposed approach, we tested it with intrusion detection applications. Experimental results show the prominence of the proposed approach for anomaly detection compared with the standard SVDD.
Keywords
Anomaly detection; intrusion detection; kernel principal component analysis; minimum enclosing ellipsoid
Citations & Related Records
Times Cited By KSCI: 1