Accession Number:

ADA439783

Title:

Intrusion Detection With Support Vector Machines and Generative Models

Descriptive Note:

Technical rept.

Corporate Author:

MARYLAND UNIV COLLEGE PARK INST FOR SYSTEMS RESEARCH

Personal Author(s):

Report Date:

2002-01-01

Pagination or Media Count:

18.0

Abstract:

This paper addresses the task of detecting intrusions in the form of malicious attacks on programs running on a host computer system by inspecting the trace of system calls made by these programs. We use attack-tree type generative models for such intrusions to select features that are used by a Support Vector Machine Classifier. Our approach combines the ability of an HMM generative model to handle variable-length strings, i.e. the traces, and the non-asymptotic nature of Support Vector Machines that permits them to work well with small training sets.

Subject Categories:

  • Statistics and Probability
  • Computer Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE