Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
411197 | Neurocomputing | 2007 | 8 Pages |
Abstract
In intrusion detection systems (IDSs), short sequences of system calls executed by running programs can be used as evidence to detect anomalies. In this paper, one-class support vector machines (SVMs) using sequence-similarity kernels are adopted as the anomaly detectors. An edit distance-based kernel and a common subsequence-based kernel are proposed to utilize the sequence information in the detection. Algorithms for efficient computation of the kernels are derived with the techniques of dynamic programming and bit-parallelism. The experimental results indicate that the proposed kernels can significantly outperform the standard RBF kernel.
Related Topics
Physical Sciences and Engineering
Computer Science
Artificial Intelligence
Authors
Shengfeng Tian, Shaomin Mu, Chuanhuan Yin