Automatic feature selection for anomaly detection

Research output: Contributions to collected editions/worksArticle in conference proceedingsResearchpeer-review

Standard

Automatic feature selection for anomaly detection. / Kloft, Marius; Brefeld, Ulf; Düssel, Patrick et al.
Proceedings of the 1st ACM workshop on Workshop on AISec. ed. / Dirk Balfanz; Jessica Staddon. New York: Association for Computing Machinery, Inc, 2008. p. 71-76.

Research output: Contributions to collected editions/worksArticle in conference proceedingsResearchpeer-review

Harvard

Kloft, M, Brefeld, U, Düssel, P, Gehl, C & Laskov, P 2008, Automatic feature selection for anomaly detection. in D Balfanz & J Staddon (eds), Proceedings of the 1st ACM workshop on Workshop on AISec. Association for Computing Machinery, Inc, New York, pp. 71-76, AISec '08, Alexandria, United States, 27.10.08. https://doi.org/10.1145/1456377.1456395

APA

Kloft, M., Brefeld, U., Düssel, P., Gehl, C., & Laskov, P. (2008). Automatic feature selection for anomaly detection. In D. Balfanz, & J. Staddon (Eds.), Proceedings of the 1st ACM workshop on Workshop on AISec (pp. 71-76). Association for Computing Machinery, Inc. https://doi.org/10.1145/1456377.1456395

Vancouver

Kloft M, Brefeld U, Düssel P, Gehl C, Laskov P. Automatic feature selection for anomaly detection. In Balfanz D, Staddon J, editors, Proceedings of the 1st ACM workshop on Workshop on AISec. New York: Association for Computing Machinery, Inc. 2008. p. 71-76 doi: 10.1145/1456377.1456395

Bibtex

@inbook{efa05596d9964c9790f8625d4f2f928f,
title = "Automatic feature selection for anomaly detection",
abstract = "A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coeffcients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-innite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.",
keywords = "Informatics, Anomaly detection, Feature selection, Intrusion detection, Machine learning, Multiple kernel learning, Network security, Support vector data description, Business informatics",
author = "Marius Kloft and Ulf Brefeld and Patrick D{\"u}ssel and Christian Gehl and Pavel Laskov",
year = "2008",
month = oct,
day = "27",
doi = "10.1145/1456377.1456395",
language = "English",
isbn = "978-1-60558-291-7",
pages = "71--76",
editor = "Dirk Balfanz and Jessica Staddon",
booktitle = "Proceedings of the 1st ACM workshop on Workshop on AISec",
publisher = "Association for Computing Machinery, Inc",
address = "United States",
note = "AISec '08 ; Conference date: 27-10-2008 Through 31-10-2008",

}

RIS

TY - CHAP

T1 - Automatic feature selection for anomaly detection

AU - Kloft, Marius

AU - Brefeld, Ulf

AU - Düssel, Patrick

AU - Gehl, Christian

AU - Laskov, Pavel

N1 - Conference code: 1

PY - 2008/10/27

Y1 - 2008/10/27

N2 - A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coeffcients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-innite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.

AB - A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coeffcients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-innite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.

KW - Informatics

KW - Anomaly detection

KW - Feature selection

KW - Intrusion detection

KW - Machine learning

KW - Multiple kernel learning

KW - Network security

KW - Support vector data description

KW - Business informatics

UR - http://www.scopus.com/inward/record.url?scp=70349247747&partnerID=8YFLogxK

UR - https://www.mendeley.com/catalogue/c6580c7c-07a9-38a7-9e45-d56354877950/

U2 - 10.1145/1456377.1456395

DO - 10.1145/1456377.1456395

M3 - Article in conference proceedings

AN - SCOPUS:70349247747

SN - 978-1-60558-291-7

SP - 71

EP - 76

BT - Proceedings of the 1st ACM workshop on Workshop on AISec

A2 - Balfanz, Dirk

A2 - Staddon, Jessica

PB - Association for Computing Machinery, Inc

CY - New York

T2 - AISec '08

Y2 - 27 October 2008 through 31 October 2008

ER -

DOI