LIN Yang,LIU Guiquan,YANG Lishen

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.14.053

2007-01-01

Abstract:In the application of intrusion detection,SVM maintains fine detection status on the condition of small-scale dataset.This paper proposes an improved SVM method.Through cutting non-effective records from training set under the guidance of specific probabilities,it gains better classification results and greatly ameliorates the situation of high resources occupation and time cosumption in traditional SVM training and classification.The tests on DARPA dataset show that this method performs well in intrusion detection.

Wu Liu,Ping Ren,Ke Liu,Duan Hai-xin

DOI: https://doi.org/10.1109/wicom.2011.6040153

2011-01-01

Abstract:This paper considers anomaly detection using an improved probabilistic neural networks. We first introduce a Basic Adaptive Boost Algorithm (BABA) and analysis its drawbacks and then introduce an Improved Adaptive Boost Algorithm (IABA) to classify the detected event as normal or intrusive. © 2011 IEEE.

Shuang-fu HUANG,Xian-fu CHEN

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2010.03.018

2010-01-01

Abstract:In the study of the intrusion detection,the SVM based active learning algorithm can reduce the sample complexity.Aiming to improve the inferior quality of initial training set resulted from random construction and avoid the propensity to suboptimum in SVM based active learning algorithm,a modified algorithm was proposed.It both incorporates the algorithm of constructing initial training set with kernel-based clustering and the scheme of probabilistic query based on the distance criteria.The experiment result shows that the proposed algorithm needs less samples and is more stable under the same detection performance condition.

ZHANG Xue-qin,GU Chun-hua,Wu Ji-yi

DOI: https://doi.org/10.3969/j.issn.1001-0548.2011.04.017

2011-01-01

Abstract:In order to construct an anomaly detection classifier which has good learning and generalization ability,under the structural risk minimization(SRM) principle,the design rules of a support vector machines(SVMs) based anomaly detection classifier is discussed.The model and its parameters selection and estimation method of a SVM classifier are proposed.The training steps of a SVM anomaly detection classifier are given.Experiments on KDD'99 network intrusion detection dataset indicate that the proposed methods can speed up the process of constructing an intrusion detection classifier and the classification accuracy is higher.

Shih-Wei Lin,Kuo-Ching Ying,Chou-Yuan Lee,Zne-Jung Lee

DOI: https://doi.org/10.1016/j.asoc.2012.05.004

IF: 8.7

2012-10-01

Applied Soft Computing

Abstract:Intrusion detection system (IDS) is to monitor the attacks occurring in the computer or networks. Anomaly intrusion detection plays an important role in IDS to detect new attacks by detecting any deviation from the normal profile. In this paper, an intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection is proposed. The key idea is to take the advantage of support vector machine (SVM), decision tree (DT), and simulated annealing (SA). In the proposed algorithm, SVM and SA can find the best selected features to elevate the accuracy of anomaly intrusion detection. By analyzing the information from using KDD’99 dataset, DT and SA can obtain decision rules for new attacks and can improve accuracy of classification. In addition, the best parameter settings for the DT and SVM are automatically adjusted by SA. The proposed algorithm outperforms other existing approaches. Simulation results demonstrate that the proposed algorithm is successful in detecting anomaly intrusion detection.

computer science, artificial intelligence, interdisciplinary applications

Jingxuan Pang,Xiaokun Pu,Chunguang Li

DOI: https://doi.org/10.1109/tii.2022.3145834

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Anomaly detection plays an important role in industry, especially in ensuring system safety and product quality. Due to the unavailability of anomalous data in many practical cases, anomaly detection is usually solved by one-class classification (OCC) methods using only normal data. As a classical OCC method, one-class support vector machine (OCSVM) is a popular discriminative approach for anomaly detection, which detects abnormal data points by establishing a decision boundary in the kernel space. However, the performance of OCSVM heavily relies on kernel parameters, whose selection is not trivial for anomaly detection problems. Moreover, for some uneven and complex data distributions, different data regions may have quite different densities and shapes, making it difficult for OCSVM to obtain good boundaries in all regions using a global kernel parameter. To address the above two issues, in this article, we propose a hybrid algorithm incorporating vector quantization and OCSVM (VQ-OCSVM). Specifically, vector quantization is used to extract distribution information of normal data, and the results are used to construct an explicit mapping function to map data into a high-dimensional feature space. Then, OCSVM is performed in the feature space to build a classifier. By introducing the explicit mapping into OCSVM, the proposed method can effectively bypass the kernel parameter selection problem of the classical OCSVM method. Furthermore, the constructed mapping carries the data distribution information, and the VQ-OCSVM model can be regarded as an integration of generative learning and discriminative learning. The complementary properties of these two paradigms make the proposed VQ-OCSVM algorithm have better generalization capacity for complex data distribution. Both qualitative and quantitative experimental results demonstrate the effectiveness and advantages of the proposed method.

Dong-qi LIU,Zhi-jian CHEN,Yin XU,Fei-teng LI

DOI: https://doi.org/10.13873/J.1000-9787(2018)03-0115-03

2018-01-01

Abstract:An improved support vector machine(SVM)algorithm is proposed,after analyzing the deficiency of traditional SVM algorithm for imbalanced datasets.It uses adaptive synthetic(ADASYN)sampling technology for partially resampling on dataset,to increase minority class instances;distribute different weights for different sample point to decrease the influence of noise on training result,cost-sensitive SVM algorithm training is adopted to relieve the bias of hyperplane caused by imbalanced datasets. The proposed algorithm is tested on 6 sets of imbalanced datasets from UCI database. The experimental result shows that the performance of improved SVM algorithm is better than other algorithms and achieve a good balance between minority class accuracy and majority class accuracy.

Xuedan Miao,Ying Liu,Haiquan Zhao,Chunguang Li

DOI: https://doi.org/10.1109/tcyb.2018.2804940

IF: 11.8

2019-01-01

IEEE Transactions on Cybernetics

Abstract:Anomaly detection has attracted much attention in recent years since it plays a crucial role in many domains. Various anomaly detection approaches have been proposed, among which one-class support vector machine (OCSVM) is a popular one. In practice, data used for anomaly detection can be distributively collected via wireless sensor networks. Besides, as the data usually arrive at the nodes sequentially, online detection method that can process streaming data is preferred. In this paper, we formulate a distributed online OCSVM for anomaly detection over networks and get a decentralized cost function. To get the decentralized implementation without transmitting the original data, we use a random approximate function to replace the kernel function. Furthermore, to find an appropriate approximate dimension, we add a sparse constraint into the decentralized cost function to get another one. Then we minimize these two cost functions by stochastic gradient descent and derive two distributed algorithms. Some theoretical analysis and experiments are performed to show the effectiveness of the proposed algorithms. Experimental results on both synthetic and real datasets reveal that both of the proposed algorithms achieve low mis-detection rates and high true positive rates. Compared with other state-of-the-art anomaly detection methods, the proposed distributed algorithms not only show good anomaly detection performance, but also require relatively short running time and low CPU memory consumption.

Kaikun Dong,Jiao Shi,Li Guo,Fang Yuan

DOI: https://doi.org/10.1088/1742-6596/1629/1/012017

2020-01-01

Journal of Physics Conference Series

Abstract:Abstract In order to identify the four types of attacks in the KDD99 data set, an anomaly detection model based on supporting vector machines is proposed. The model uses supporting vector machines to train five classifiers and detects the attacks by integrating the classification results of the five classifiers. Aiming at the problem that the detection model has a low recall rate when detecting some categories, a feature extraction method based on abnormal proportion analysis is proposed to extract effective feature combinations for each classifier, and a sampling technique is used to preprocess the training set of each classifier. Experimental results show that the improved anomaly detection model can not only improve the performance of each classifier, but also improve the comprehensive discrimination performance of the five classifiers.

Ji Qiu,Hongmei Shi,Yuhen Hu,Zujun Yu

DOI: https://doi.org/10.3390/app132312655

2023-11-24

Applied Sciences

Abstract:Unsupervised anomaly detection models are crucial for the efficiency of industrial applications. However, frequent false alarms hinder the widespread adoption of unsupervised anomaly detection, especially in fault detection tasks. To this end, our research delves into the dependence of false alarms on the baseline anomaly detector by analyzing the high-response regions in anomaly maps. We introduce an SVM-based false positive classifier as a post-processing module, which identifies false alarms from positive predictions at the object level. Moreover, we devise a sample synthesis strategy that generates synthetic false positives from the trained baseline detector while producing synthetic defect patch features from fuzzy domain knowledge. Following comprehensive evaluations, we showcase substantial performance enhancements in two advanced out-of-distribution anomaly detection models, Cflow and Fastflow, across image and pixel-level anomaly detection performance metrics. Substantive improvements are observed in two distinct industrial applications, with notable instances of elevating the image-level F1-score from 46.15% to 78.26% in optimal scenarios and boosting pixel-level AUROC from 72.36% to 94.74%.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Guo Pu,Lijuan Wang,Jun Shen,Fang Dong

DOI: https://doi.org/10.26599/tst.2019.9010051

2021-04-01

Abstract:In recent years, machine learning-based cyber intrusion detection methods have gained increasing popularity. The number and complexity of new attacks continue to rise; therefore, effective and intelligent solutions are necessary. Unsupervised machine learning techniques are particularly appealing to intrusion detection systems since they can detect known and unknown types of attacks as well as zero-day attacks. In the current paper, we present an unsupervised anomaly detection method, which combines Sub-Space Clustering (SSC) and One Class Support Vector Machine (OCSVM) to detect attacks without any prior knowledge. The proposed approach is evaluated using the well-known NSL-KDD dataset. The experimental results demonstrate that our method performs better than some of the existing techniques.

computer science, information systems,engineering, electrical & electronic, software engineering

Li Zhanchun,Li Zhitang,Liu Bin

DOI: https://doi.org/10.1007/bf02831871

2006-01-01

Abstract:This article presents an anomaly detection system based on principal component analysis (PCA) and support vector machine (SVM). The system first creates a profile defining a normal behavior by frequency-based scheme, and then compares the similarity of a current behavior with the created profile to decide whether the input instance is normal or anomaly. In order to avoid overfitting and reduce the computational burden, normal behavior principal features are extracted by the PCA method. SVM is used to distinguish normal or anomaly for user behavior after training procedure has been completed by learning. In the experiments for performance evaluation the system achieved a correct detection rate equal to 92.2% and a false detection rate equal to 2.8%.

Dongqi Liu,Zhijian Chen,Yin Xu,Feiteng Li

DOI: https://doi.org/10.3969/j.issn.1001-3695.2018.04.014

2018-01-01

Abstract:In order to improve the classification accuracy of traditional support vector machine (SVM) for imbalanced datasets,solving the problem that classifier had a low performance on minority class,this paper proposed a hybrid SVM algorithm.It combined adaptive synthetic sampling(ADASYN) algorithm with different error cost(DEC) algorithm to improve the bias of hyperplane caused by imbalanced datasets,and then it introduced a new correction algorithm to prediction model so as to improve the prediction model's adaptability to different data characteristics.It tested the proposed algorithm on 7 sets of realworld imbalanced datasets from UCI database.The experiment result shows that the hybrid SVM algorithm is able to surpass or match the state-of-the-art algorithms on each dataset,and it increases the classification performance by an average of 2.0％ to 20.9％.It shows that the proposed algorithm is effective and robust.

Yue Shihong,Li Ping,Hao Peiyi

DOI: https://doi.org/10.1007/s11766-003-0059-5

2003-01-01

Abstract:SVM (support vector machines) have become an increasingly popular tool for machine learning tasks involving classification, regression or novelty detection. In particular, they exhibit good generalization performance on many real issues and the approach is properly motivated theoretically. There are relatively a few free parameters to adjust and the architecture of the learning machine does not need to be found by experimentation. In this paper, survey of the key contents on this subject, focusing on the most well-known models based on kernel substitution, namely SVM, as well as the activated fields at present and the development tendency, is presented.

Huaping Liu,Yin Jian,Sijia Liu

DOI: https://doi.org/10.1109/etcs.2010.210

2010-01-01

Abstract:Intelligent algorithms applied in intrusion detection system has become a tendency in recent years. An intelligent intrusion detection method is presented, based on rough set theory (RST) and improved binary particle swarm optimization with supported vector machine (IBPSO-SVM), which is combined attribute reduction with parameters optimization. Experiments on KDD CUP'99 dataset show this method can be an effective way for intrusion detection, not only accelerating the training time, but also improving the accuracy of test.

,Chunhua Gu,xueqin zhang

DOI: https://doi.org/10.1109/ICMLC.2007.4370710

2007-01-01

Abstract:Network Anomaly Detection is a critical task to ensure network security. With increasing network traffic, detecting network anomaly would require solving a large-scale pattern classification problem that often contains millions of training vectors. Each training vector may represent a particular signature of network traffic pattern and some of them may be linked to security breaching activities that need to be detected and eradicated. In this paper, a popular statistical learning algorithm known as the Support Vector Machine (SVM) was consider to solve the network anomaly detection problem. However, it is well known that SVM would require excessively long computing time and exceedingly large amount of memory when number of training vectors becomes huge. Hence, direct application of the standard SVM algorithm to solve large-scale network anomaly detection problems is impractical. In this paper, based on computational geometry theory, a new algorithm called convex-hull SVM (CH-SVM) was proposed, which can yield the same solution as original SVM while using significantly less training data, and hence less computing time. Then experiments were done on KDD'99 intrusion detection dataset to compare the performance of the proposed algorithm to a standard SVM and observed reduced training time and improved classification accuracy.

GU Yu,ZHENG Jin-hui,DAI Ming-wei,HE Lei

DOI: https://doi.org/10.3969/j.issn.1000-7180.2005.05.005

2005-01-01

Abstract:For large data sets, the performance of Support Vector Machine (SVM) is not satisfied, because of its high complexity of time and space. In order to reduce the complexities, we propose a new method that uses the SVM ensembles with bagging (bootstrap aggregating) in this paper. We train each individual SVM independently using the randomly chosen training samples via a bootstrap technique. After that, they are collected to make a decision according to the majority voting. The experiment results for the intrusion detection data classification show that our proposed SVM ensemble with bagging outperforms any single SVM in terms of classification accuracy.

Chong Di,Yu Su,Zhuoran Han,Shenghong Li

DOI: https://doi.org/10.1007/978-981-10-6571-2_252

2018-01-01

Abstract:As an indispensable defensive measure of network security, the intrusion detection is a process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. It is a classifier to judge the event is normal or malicious. The information used for intrusion detection contains some redundant features which would increase the difficulty of training the classifier for intrusion detection and increase the time of making predictions. To simplify the training process and improve the efficiency of the classifier, it is necessary to remove these dispensable features. in this paper, we propose a novel LA-SVM scheme to automatically remove redundant features focusing on intrusion detection. This is the first application of learning automata for solving dimension reduction problems. The simulation results indicate that the LA-SVM scheme achieves a higher accuracy and is more efficient in making predictions compared with traditional SVM.

Kai Guo,Datong Liu,Yu Peng,Xiyuan Peng

DOI: https://doi.org/10.1109/phm-chongqing.2018.00048

2018-01-01

Abstract:With large amount of industrial data available, data-driven anomaly detection methods have been widely used for ensuring industrial safety and preventing economic losses. Among them, one-class support vector machine (OCSVM) is an effective unsupervised method for detecting abnormal points by establishing a decision boundary in the kernel space and has obtained much attention in the research field in recent years. Through solving the convex quadratic programming problem, OCSVM obtains a classifier with maximum distance to the origin and satisfying maximum quantity of training samples, without utilizing anomaly data points. However, the outliers in the training set, which are more likely to be selected as support vectors, will lead to the degradation in the performance of OCSVM. Because the outliers are away from the center of the dataset and cannot represent the real characteristics for the data. To address this drawback, the clustering-based and LOF outlier detection method (CLOF), which has high computational efficiency and modeling accuracy, is adopted for eliminating the outliers and optimizing the final acquired boundary of OCSVM. Experimental results on shuttle flight data have illustrated the superior performance of the proposed approach.

Zheng Zhang,Xiaogang Deng

DOI: https://doi.org/10.1016/j.patrec.2021.04.020

IF: 4.757

2021-08-01

Pattern Recognition Letters

Abstract:<p>Support vector data description (SVDD) is a classical anomaly detection algorithm. How to develop a deep version of SVDD is one valuable problem in the anomaly detection field. Aiming at this problem, an improved SVDD model called deep structure preserving SVDD (DSPSVDD) is proposed by integrating the deep feature extraction with the data structure preservation. Firstly, the typical SVDD methods are revisited in view of model depth profiles and the limitations of the present deep SVDD model are analyzed. Then in order to extract the deep data features more effectively, an enhanced comprehensive optimization objective is designed for the deep SVDD model by considering both the hypersphere volume minimization and the network reconstruction error minimization simultaneously. The experimental results on the MNIST, Fashion-MNIST, and MVTec AD image benchmark datasets show that the proposed DSPSVDD method achieves the better anomaly detection performance compared with the traditional deep SVDD method.</p>

computer science, artificial intelligence