Learning a new distance metric to improve an SVM-clustering based intrusion detection system

Roya Aliabkabri Sani, Abdorasoul Ghasemi

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

11 Citations (Scopus)

Abstract

In recent decades, many intrusion detection systems (IDSs) have been proposed to enhance the security of networks. A class of IDSs is based on clustering of network traffic into normal and abnormal according to some features of the connections. The distance function selected to measure the similarity and dissimilarity of sessions' features affects the performance of clustering-based IDSs. The most popular distance metric used in designing these IDSs is the Euclidean distance function. In this paper, we argue that more appropriate distance functions can be deployed for IDSs. We propose a method of learning an appropriate distance function according to a set of supervision information. This metric is derived by solving a semi-definite optimization problem, which attempts to decrease the distances between similar feature vectors and increase the distances between dissimilar feature vectors. The evaluation of this scheme over the Kyoto2006+ dataset shows that the new distance metric can improve the performance of a support vector machine (SVM) clustering-based IDS in terms of normal detection and false positive rates.

Original language: English
Title of host publication: 2015 The International Symposium on Artificial Intelligence and Signal Processing (AISP)
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 284-289
Number of pages: 6
ISBN (Electronic): 978-1-4799-8818-1
Publication status: Published - 15 Jun 2015
Externally published: Yes
Event: 2015 International Symposium on Artificial Intelligence and Signal Processing - Mashhad, Iran, Islamic Republic of
Duration: 3 Mar 2015 to 5 Mar 2015

Publication series

Name: Proceedings of the International Symposium on Artificial Intelligence and Signal Processing, AISP 2015

Conference

Conference: 2015 International Symposium on Artificial Intelligence and Signal Processing
Abbreviated title: AISP
Country/Territory: Iran, Islamic Republic of
City: Mashhad
Period: 3/03/15 to 5/03/15

Bibliographical note

Publisher Copyright:
© 2015 IEEE.

Keywords

  • Anomaly detection
  • Clustering Algorithms
  • Intrusion detection system
  • Metric learning

ASJC Scopus subject areas

  • Artificial Intelligence
  • Signal Processing
