Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Automatic feature selection for anomaly detection

: Kloft, M.; Brefeld, U.; Düssel, P.; Gehl, C.; Laskov, P.


Balfanz, D. ; Association for Computing Machinery -ACM-:
1st ACM Workshop on Security and Artificial Intelligence, AISec 2008. Proceedings : Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08, Alexandria, VA, USA, October 27, 2008
New York: ACM, 2008
ISBN: 978-1-60558-291-7
Workshop on Security and Artificial Intelligence (AISec) <1, 2008, Alexandria/Va.>
Conference on Computer and Communications Security (CCS) <15, 2008, Alexandria/Va.>
Conference Paper
Fraunhofer FIRST ()

A frequent problem in anomaly detection is to decide among different feature sets to be used. For example, various features are known in network intrusion detection based on packet headers, content byte streams or application level protocol parsing. A method for automatic feature selection in anomaly detection is proposed which determines optimal mixture coefficients for various sets of features. The method generalizes the support vector data description (SVDD) and can be expressed as a semi-infinite linear program that can be solved with standard techniques. The case of a single feature set can be handled as a particular case of the proposed method. The experimental evaluation of the new method on unsanitized HTTP data demonstrates that detectors using automatically selected features attain competitive performance, while sparing practitioners from a priori decisions on feature sets to be used.