An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection
- Authors
- Catania, Carlos Adrian; Bromberg, Facundo; Garcia Garino, Carlos Gabriel
- Year of publication
- 2012
- Language
- English
- Resource type
- article
- Status
- published version
- Description
- In past years, several support vector machine (SVM) novelty detection approaches have been applied in the network intrusion detection field. The main advantage of these approaches is that they can characterize normal traffic even when trained with datasets containing not only normal traffic but also a number of attacks. Unfortunately, these algorithms seem to be accurate only when the normal traffic vastly outnumbers the attacks present in the dataset, a situation that cannot always hold. This work presents an approach for autonomous labeling of normal traffic as a way of dealing with situations where the class distribution does not present the imbalance required for SVM algorithms. In this case, the autonomous labeling process is performed by SNORT, a misuse-based intrusion detection system. Experiments conducted on the 1998 DARPA dataset show that the use of the proposed autonomous labeling approach not only outperforms existing SVM alternatives but also, under some attack distributions, obtains improvements over SNORT itself.
Affiliation: Catania, Carlos Adrian. Universidad Nacional de Cuyo; Argentina
Affiliation: Bromberg, Facundo. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Mendoza; Argentina. Universidad Tecnológica Nacional. Facultad Regional Mendoza. Departamento de Sistemas de Información. Laboratorio DHARMA; Argentina
Affiliation: Garcia Garino, Carlos Gabriel. Universidad Nacional de Cuyo. Facultad de Ingeniería; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Mendoza; Argentina
- Subject
- ANOMALY DETECTION; INTRUSION DETECTION SYSTEMS; LABELING; SVM
- Access level
- open access
- Terms of use
- https://creativecommons.org/licenses/by-nc-sa/2.5/ar/
- Repository
- Institution
- Consejo Nacional de Investigaciones Científicas y Técnicas
- OAI Identifier
- oai:ri.conicet.gov.ar:11336/199687
Full record metadata

id | CONICETDig_6cb936d2b6a96ef4e02b695151725811 |
---|---|
oai_identifier_str | oai:ri.conicet.gov.ar:11336/199687 |
network_acronym_str | CONICETDig |
repository_id_str | 3498 |
network_name_str | CONICET Digital (CONICET) |
dc.title.none.fl_str_mv | An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection |
dc.creator.none.fl_str_mv | Catania, Carlos Adrian Bromberg, Facundo Garcia Garino, Carlos Gabriel |
author | Catania, Carlos Adrian |
author_facet | Catania, Carlos Adrian Bromberg, Facundo Garcia Garino, Carlos Gabriel |
author_role | author |
author2 | Bromberg, Facundo Garcia Garino, Carlos Gabriel |
author2_role | author author |
dc.subject.none.fl_str_mv | ANOMALY DETECTION INTRUSION DETECTION SYSTEMS LABELING SVM |
topic | ANOMALY DETECTION INTRUSION DETECTION SYSTEMS LABELING SVM |
purl_subject.fl_str_mv | https://purl.org/becyt/ford/2.2 https://purl.org/becyt/ford/2 |
publishDate | 2012 |
dc.date.none.fl_str_mv | 2012-02 |
dc.type.none.fl_str_mv | info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion http://purl.org/coar/resource_type/c_6501 info:ar-repo/semantics/articulo |
format | article |
status_str | publishedVersion |
dc.identifier.none.fl_str_mv | http://hdl.handle.net/11336/199687 Catania, Carlos Adrian; Bromberg, Facundo; Garcia Garino, Carlos Gabriel; An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection; Pergamon-Elsevier Science Ltd; Expert Systems with Applications; 39; 2; 2-2012; 1822-1829 0957-4174 CONICET Digital CONICET |
url | http://hdl.handle.net/11336/199687 |
identifier_str_mv | Catania, Carlos Adrian; Bromberg, Facundo; Garcia Garino, Carlos Gabriel; An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection; Pergamon-Elsevier Science Ltd; Expert Systems with Applications; 39; 2; 2-2012; 1822-1829 0957-4174 CONICET Digital CONICET |
dc.language.none.fl_str_mv | eng |
language | eng |
dc.relation.none.fl_str_mv | info:eu-repo/semantics/altIdentifier/doi/10.1016/j.eswa.2011.08.068 |
dc.rights.none.fl_str_mv | info:eu-repo/semantics/openAccess https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
eu_rights_str_mv | openAccess |
rights_invalid_str_mv | https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
dc.format.none.fl_str_mv | application/pdf application/pdf application/pdf |
dc.publisher.none.fl_str_mv | Pergamon-Elsevier Science Ltd |
publisher.none.fl_str_mv | Pergamon-Elsevier Science Ltd |
dc.source.none.fl_str_mv | reponame:CONICET Digital (CONICET) instname:Consejo Nacional de Investigaciones Científicas y Técnicas |
reponame_str | CONICET Digital (CONICET) |
collection | CONICET Digital (CONICET) |
instname_str | Consejo Nacional de Investigaciones Científicas y Técnicas |
repository.name.fl_str_mv | CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicas |
repository.mail.fl_str_mv | dasensio@conicet.gov.ar; lcarlino@conicet.gov.ar |