Automatic feature selection for anomaly detection

Research output: Contributions to collected editions/worksArticle in conference proceedingsResearchpeer-review

Authors

  • Marius Kloft
  • Ulf Brefeld
  • Patrick Düssel
  • Christian Gehl
  • Pavel Laskov

A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coeffcients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-innite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.

Original languageEnglish
Title of host publicationProceedings of the 1st ACM workshop on Workshop on AISec
EditorsDirk Balfanz, Jessica Staddon
Number of pages6
Place of PublicationNew York
PublisherAssociation for Computing Machinery, Inc
Publication date27.10.2008
Pages71-76
ISBN (print)978-1-60558-291-7
DOIs
Publication statusPublished - 27.10.2008
Externally publishedYes
EventAISec '08 - Alexandria, United States
Duration: 27.10.200831.10.2008
Conference number: 1

    Research areas

  • Informatics - Anomaly detection, Feature selection, Intrusion detection, Machine learning, Multiple kernel learning, Network security, Support vector data description
  • Business informatics

DOI