Intrusion Detection with Support Vector Machines and Generative Models

Title : Intrusion Detection with Support Vector Machines and Generative Models
Authors :
Baras, John S.
Rabi, Maben

Conference : 5th Information Security Conference, LNCS Vol. 2433, pp. 32-47
Date: September 30 - October 02, 2002

This paper addresses the task of detecting intrusions in the form of malicious attacks on programs running on a host computer system by inspecting the trace of system calls made by these programs. We use ‘attack-tree’ type generative models for such intrusions to select features that are used by a Support Vector Machine Classifier. Our approach combines the ability of an HMM generative model to handle variable-length strings, i.e. the traces, and the non-asymptotic nature of Support Vector Machines that permits them to work well with small training sets.
