Date of Award
Doctor of Philosophy
Dongjoon Kong, Myong K. Jeong
Xueping Li, Frank Guess
Most existing intrusion detection techniques treat all types of attacks equally, without differentiating the risk they pose to the information system. However, certain types of attacks are more harmful than others, and their detection is critical to protecting the system. This study proposes a novel differentiated anomaly detection method that can more precisely detect intrusions of specific types of attacks.
Although many researchers have developed efficient intrusion detection methods, fewer efforts have been made to extract effective features for host-based intrusion detection. In this study, we propose a new framework, based on new viewpoints about system activities, to extract host-based features; this framework can guide further exploration for new features.
There are few feature selection methods for anomaly detection, although many studies have addressed feature selection in both classification and regression problems. This study proposes new support vector data description (SVDD)-based feature selection methods such as SVDD-R2-recursive feature elimination (RFE), SVDD-RFE and the SVDD-Gradient method. Experiments with both simulated data and the Defense Advanced Research Projects Agency (DARPA) datasets show promising performance of the proposed methods.
The achievements in this dissertation could contribute significantly to the anomaly detection field. In addition, the proposed differentiated detection and SVDD-based feature selection methods would also benefit other application areas beyond intrusion detection.
Kang, Inho, "Differentiated Intrusion Detection and SVDD-based Feature Selection for Anomaly Detection." PhD diss., University of Tennessee, 2007.