Intrusion Detection with Support Vector Machines and Generative Models
J. S. Baras, M. Rabi
5th International Conference, ISC 2002, Springer Lecture Notes in Computer Science (LNCS) Vol. 2433, pp. 32-47, Sao Paulo, Brazil, September 30-October 1-2, 2002.
This paper addresses the task of detecting intrusions in the form of malicious attacks on programs running on a host computer system by inspecting the trace of system calls made by these programs. We use ‘attack-tree’ type generative models for such intrusions to select features that are used by a Support Vector Machine classifier. Our approach combines the ability of an HMM generative model to handle variable-length strings, i.e. the traces, with the non-asymptotic nature of Support Vector Machines, which permits them to work well with small training sets.
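The pipeline the abstract describes, reduced to its two stages, as an added example that is not the paper's code or data: a generative HMM turns a system-call trace of any length into a fixed-size feature (here a single number, the mean log-likelihood per call under a model of normal behaviour), and a maximum-margin separator is fitted on that feature. The two-state HMM parameters, the syscall alphabet and the training traces are all constructed for illustration; the paper's attack-tree models and its actual feature set are not reproduced. Because the feature is one-dimensional, the hard-margin SVM reduces to the midpoint between the closest normal and attack training scores, which is what `fit_threshold` computes.

```python
import math
from typing import List, Sequence, Tuple

# Closed alphabet of system calls used by the constructed traces below (assumption).
SYSCALLS = ("open", "read", "write", "close", "execve", "socket", "connect", "mmap")

# Constructed two-state HMM standing in for the paper's generative model of
# normal program behaviour: "io" models steady-state file handling, "setup"
# models process start-up. Every number here is an assumption, not data.
STATES = ("io", "setup")
PI = {"io": 0.5, "setup": 0.5}                                             # initial state
A = {"io": {"io": 0.8, "setup": 0.2}, "setup": {"io": 0.3, "setup": 0.7}}  # transitions
B = {                                                                      # emissions
    "io":    {"open": 0.20, "read": 0.30, "write": 0.30, "close": 0.15,
              "execve": 0.01, "socket": 0.01, "connect": 0.01, "mmap": 0.02},
    "setup": {"open": 0.15, "read": 0.05, "write": 0.05, "close": 0.05,
              "execve": 0.05, "socket": 0.05, "connect": 0.05, "mmap": 0.55},
}


def _logsumexp(xs: Sequence[float]) -> float:
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))


def log_likelihood(trace: Sequence[str]) -> float:
    """Forward algorithm in log space: log P(trace | HMM) for any trace length >= 1."""
    if not trace:
        raise ValueError("empty trace")
    for sym in trace:
        if sym not in SYSCALLS:
            raise ValueError(f"unknown syscall {sym!r}")
    alpha = {s: math.log(PI[s]) + math.log(B[s][trace[0]]) for s in STATES}
    for sym in trace[1:]:
        alpha = {
            t: _logsumexp([alpha[s] + math.log(A[s][t]) for s in STATES]) + math.log(B[t][sym])
            for t in STATES
        }
    return _logsumexp(list(alpha.values()))


def feature(trace: Sequence[str]) -> float:
    """Fixed-size feature from a variable-length trace: mean log-likelihood per system call."""
    return log_likelihood(trace) / len(trace)


def fit_threshold(normal: List[Sequence[str]], attack: List[Sequence[str]]) -> Tuple[float, float]:
    """Hard-margin separator on the 1-D feature (the SVM restricted to one dimension):
    the midpoint between the closest normal and attack training scores.
    Returns (threshold, margin); raises if the training sets are not separable."""
    lo_normal = min(feature(t) for t in normal)
    hi_attack = max(feature(t) for t in attack)
    if hi_attack >= lo_normal:
        raise ValueError("training traces are not linearly separable on this feature")
    return (lo_normal + hi_attack) / 2.0, (lo_normal - hi_attack) / 2.0


def classify(trace: Sequence[str], threshold: float) -> str:
    """Label a trace by which side of the fitted threshold its feature falls on."""
    return "normal" if feature(trace) > threshold else "attack"


# Constructed training traces (not from the paper's data set).
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["mmap", "mmap", "open", "read", "write", "write", "close"],
]
ATTACK_TRACES = [
    ["execve", "socket", "connect", "execve", "socket"],
    ["open", "execve", "execve", "connect", "connect", "socket"],
]

if __name__ == "__main__":
    thr, margin = fit_threshold(NORMAL_TRACES, ATTACK_TRACES)
    print(f"threshold={thr:.3f} margin={margin:.3f}")
    for t in NORMAL_TRACES + ATTACK_TRACES:
        print(f"{feature(t):7.3f}  {classify(t, thr):7}  {' '.join(t)}")
```

Dividing the log-likelihood by the trace length is what makes the feature comparable across traces of different lengths; without it a long benign trace scores lower than a short malicious one simply because every extra call multiplies in another probability below one. The forward recursion also shows where small training sets hurt: every transition and emission probability has to be estimated, so with real data the emission table would need smoothing for calls absent from the training traces, which the closed alphabet above sidesteps by rejecting them.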