Conference Topics

Intrusion Detection Based on One-class SVM and SNMP MIB data

To detect attacks rapidly and respond properly, a lightweight and fast detection mechanism for traffic flooding attacks is proposed. It uses SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links, and a machine learning approach based on a Support Vector Machine (SVM) for attack classification. The SNMP MIB variables involved are selected by an effective feature selection mechanism and gathered effectively by the MIB update time prediction mechanism. Using MIB and SVM, it achieves fast detection with high accuracy, minimization of the system burden, and extendibility for system deployment. The intrusion detection mechanism, set up with a hierarchical structure, has two phases: it first distinguishes attack traffic from normal traffic and then determines the type of attack in detail. Results of the experiment using MIB datasets collected from real experiments involving a DDoS attack demonstrate that it can be an effective way for intrusion detection. The network attacks are detected with high efficiency and classified with low false alarms.

Intrusion detection; SNMP MIB; DoS/DDoS; Support vector machine

Bao Cui-Mei

Shandong University of Technology, Zibo, Shandong, China

International conference

The Fifth International Conference on Information Assurance and Security

Xi'an

English

346-349

2009-08-18 (date first posted online on the Wanfang platform; this is not the paper's publication date)