To improve the efficiency and usability of adaptive anomaly detection systems, we propose a new framework based on the Support Vector Data Description (SVDD) method. This framework includes two main techniques: online change detection and unsupervised anomaly detection. The first automatically obtains model training data by measuring change, distinguishing change caused by intensive attacks from normal behavior change, and then filtering out most intensive attacks. The second retrains the model periodically and runs detection on the forthcoming data. Results of experiments with the KDD'99 network data show that these techniques can handle intensive attacks effectively and adapt to concept drift while still detecting attacks. As a result, the false positive rate is reduced from 13.43% to 4.45%. © IFIP International Federation for Information Processing 2004.
Yang, M., Zhang, H., Fu, J., & Yan, F. (2004). A framework for adaptive anomaly detection based on support vector data description. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3222, 443–450. https://doi.org/10.1007/978-3-540-30141-7_62