Automatic feature selection for anomaly detection
Research output: Contributions to collected editions/works › Article in conference proceedings › Research › peer-review
Authors
A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coeffcients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-innite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 1st ACM workshop on Workshop on AISec |
| Editors | Dirk Balfanz, Jessica Staddon |
| Number of pages | 6 |
| Place of Publication | New York |
| Publisher | Association for Computing Machinery, Inc |
| Publication date | 27.10.2008 |
| Pages | 71-76 |
| ISBN (Print) | 978-1-60558-291-7 |
| DOIs | |
| Publication status | Published - 27.10.2008 |
| Externally published | Yes |
| Event | AISec '08 - Alexandria, United States Duration: 27.10.2008 → 31.10.2008 Conference number: 1 |
- Informatics - Anomaly detection, Feature selection, Intrusion detection, Machine learning, Multiple kernel learning, Network security, Support vector data description
- Business informatics