CH-SVM Based Network Anomaly Detection

Network anomaly detection is a critical task to ensure network security. With increasing network traffic, detecting network anomaly would require solving a large-scale pattern classification problem that often contains millions of training vectors. Each training vector may represent a particular sig...

Bibliographic Details
Main Authors: Xue-Qin Zhang, Chun-Hua Gu
Format: Conference Proceeding
Language: English
cited_by
cites
container_end_page 3266
container_issue
container_start_page 3261
container_title
container_volume 6
creator Xue-Qin Zhang
Chun-Hua Gu
description Network anomaly detection is a critical task to ensure network security. With increasing network traffic, detecting network anomalies would require solving a large-scale pattern classification problem that often contains millions of training vectors. Each training vector may represent a particular signature of a network traffic pattern, and some of them may be linked to security breaching activities that need to be detected and eradicated. In this paper, a popular statistical learning algorithm known as the support vector machine (SVM) was considered to solve the network anomaly detection problem. However, it is well known that SVM would require excessively long computing time and an exceedingly large amount of memory when the number of training vectors becomes huge. Hence, direct application of the standard SVM algorithm to solve large-scale network anomaly detection problems is impractical. In this paper, based on computational geometry theory, a new algorithm called convex-hull SVM (CH-SVM) was proposed, which can yield the same solution as the original SVM while using significantly less training data, and hence less computing time. Then experiments were done on the KDD'99 intrusion detection dataset to compare the performance of the proposed algorithm to a standard SVM, and reduced training time and improved classification accuracy were observed.
doi_str_mv 10.1109/ICMLC.2007.4370710
format conference_proceeding
fulltext fulltext_linktorsrc
identifier ISSN: 2160-133X
ispartof 2007 International Conference on Machine Learning and Cybernetics, 2007, Vol.6, p.3261-3266
issn 2160-133X
language eng
recordid cdi_ieee_primary_4370710
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Anomaly detection
Computer networks
Convex hull
Cybernetics
Intrusion detection
Large-scale systems
Machine learning
Quadratic programming
Statistical learning
Support vector machine
Support vector machine classification
Support vector machines
Telecommunication traffic
title CH-SVM Based Network Anomaly Detection
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-21T11%3A21%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=CH-SVM%20Based%20Network%20Anomaly%20Detection&rft.btitle=2007%20International%20Conference%20on%20Machine%20Learning%20and%20Cybernetics&rft.au=Xue-Qin%20Zhang&rft.date=2007-08&rft.volume=6&rft.spage=3261&rft.epage=3266&rft.pages=3261-3266&rft.issn=2160-133X&rft.isbn=1424409721&rft.isbn_list=9781424409723&rft_id=info:doi/10.1109/ICMLC.2007.4370710&rft.eisbn=9781424409730&rft.eisbn_list=142440973X&rft_dat=%3Cieee_6IE%3E4370710%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i175t-6fd4e1cad874eb1059faa8bb90ce9a80f3f4e22befb215fe75a074db8d0df2ca3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4370710&rfr_iscdi=true