Automatic feature selection for anomaly detection
Publikation: Beiträge in Sammelwerken › Aufsätze in Konferenzbänden › Forschung › begutachtet
Standard
Proceedings of the 1st ACM workshop on Workshop on AISec. Hrsg. / Dirk Balfanz; Jessica Staddon. New York: Association for Computing Machinery, Inc, 2008. S. 71-76.
Publikation: Beiträge in Sammelwerken › Aufsätze in Konferenzbänden › Forschung › begutachtet
Harvard
APA
Vancouver
Bibtex
}
RIS
TY - CHAP
T1 - Automatic feature selection for anomaly detection
AU - Kloft, Marius
AU - Brefeld, Ulf
AU - Düssel, Patrick
AU - Gehl, Christian
AU - Laskov, Pavel
N1 - Conference code: 1
PY - 2008/10/27
Y1 - 2008/10/27
N2 - A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coeffcients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-innite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.
AB - A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coeffcients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-innite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.
KW - Informatics
KW - Anomaly detection
KW - Feature selection
KW - Intrusion detection
KW - Machine learning
KW - Multiple kernel learning
KW - Network security
KW - Support vector data description
KW - Business informatics
UR - http://www.scopus.com/inward/record.url?scp=70349247747&partnerID=8YFLogxK
UR - https://www.mendeley.com/catalogue/c6580c7c-07a9-38a7-9e45-d56354877950/
U2 - 10.1145/1456377.1456395
DO - 10.1145/1456377.1456395
M3 - Article in conference proceedings
AN - SCOPUS:70349247747
SN - 978-1-60558-291-7
SP - 71
EP - 76
BT - Proceedings of the 1st ACM workshop on Workshop on AISec
A2 - Balfanz, Dirk
A2 - Staddon, Jessica
PB - Association for Computing Machinery, Inc
CY - New York
T2 - AISec '08
Y2 - 27 October 2008 through 31 October 2008
ER -