Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection

Tayeb Kenaza, Abdenour Labed, Yacine Boulahia, Mohcen Sebehi

2015

Abstract

During the last decade, support vector data description (SVDD) has been used by researchers to develop anomaly-based intrusion detection systems (IDS), with the ultimate objective of designing new, efficient IDS that achieve higher detection rates together with lower rates of false alerts. However, most of these systems are generally evaluated over a short period, without considering the dynamic nature of the monitored environment. They are never tested for their long-term behavior, namely after a long period of deployment. In this paper, we propose an adaptive SVDD-based learning approach that aims at continuously enhancing the performance of the SVDD classifier by refining the training dataset. In this approach, an expert periodically evaluates the classifier, and the feedback, in terms of false positives and confirmed attacks, is used to update the training dataset. Experiments using both a refined training dataset and a compromised dataset (a dataset with mislabeling) have shown promising results.

Paper Citation


in Harvard Style

Kenaza T., Labed A., Boulahia Y. and Sebehi M. (2015). Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 405-412. DOI: 10.5220/0005573204050412

in Bibtex Style

@conference{secrypt15,
author={Tayeb Kenaza and Abdenour Labed and Yacine Boulahia and Mohcen Sebehi},
title={Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={405-412},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005573204050412},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Adaptive SVDD-based Learning for False Alarm Reduction in Intrusion Detection
SN - 978-989-758-117-5
AU - Kenaza T.
AU - Labed A.
AU - Boulahia Y.
AU - Sebehi M.
PY - 2015
SP - 405
EP - 412
DO - 10.5220/0005573204050412