Anomaly detection enhanced classification in computer intrusion detection

Abstract

This paper describes experiences and results applying Support Vector Machine (SVM) to a Computer Intrusion Detection (CID) dataset. This is the second stage of work with this dataset, emphasizing incorporation of anomaly detection in the modeling and prediction of cyber-attacks. The SVM method for classification is used as a benchmark method (from previous study [1]), and the anomaly detection approaches compare so-called “one class” SVMs with a thresholded Mahalanobis distance to define support regions. Results compare the performance of the methods, and investigate joint performance of classification and anomaly detection. The dataset used is the DARPA/KDD-99 publicly available dataset of features from network packets classified into non-attack and four attack categories.

Cite

Fugate, M., & Gattiker, J. R. (2002). Anomaly detection enhanced classification in computer intrusion detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2388, pp. 186–197). Springer Verlag. https://doi.org/10.1007/3-540-45665-1_15
