Publication Details

String Kernel Based SVM for Internet Security Implementation

MICHLOVSKÝ, Z. String Kernel Based SVM for Internet Security Implementation. Neural Information Processing. Lecture Notes in Computer Science. Berlin / Heidelberg: Springer Verlag, 2009. p. 530-539. ISBN: 978-3-642-10682-8.
Czech title
Aplikace SVM pro internetovou bezpečnost, založené na řetězcových jádrech
Type
conference paper
Language
English
Authors
Michlovský Zbyněk, Ing.
and others
Keywords

SVM, string kernel functions, internet security

Abstract

In this work, we develop an SVM-based string kernel method according to different mathematical similarity expressions of two strings/substrings. For network security, we derive a string kernel SVM for automatic attack (i.e. spam email) signature analysis, conducting spam filtering without a predetermined spam signature. Moreover, we have used the string kernel SVM to authenticate legitimate network applications.

Annotation

For network intrusion and virus detection, ordinary methods detect malicious network traffic and viruses by examining packets, flow logs or the contents of memory for any signatures of the attack. This implies that if no signature is known or created in advance, attack detection will be problematic. To address the detection of unknown attacks, we develop in this paper a network traffic and spam analyzer using string kernel based SVM (support vector machine) supervised machine learning. The proposed method is capable of detecting network attacks without known or previously determined attack signatures, as the SVM automatically learns attack signatures from traffic data. For application to internet security, we have implemented the proposed method for spam email detection over the SpamAssassin and E. M. Canada datasets, and for network application authentication via real connection data analysis. The obtained accuracies of above 99% demonstrate the usefulness of string kernel SVMs in network security for either detecting 'abnormal' or protecting 'normal' traffic.

Published
2009
Pages
530–539
Proceedings
Neural Information Processing
Series
Lecture Notes in Computer Science
ISBN
978-3-642-10682-8
Publisher
Springer Verlag
Place
Berlin / Heidelberg
BibTeX
@inproceedings{BUT34295,
  author="Zbyněk {Michlovský}",
  title="String Kernel Based SVM for Internet Security Implementation",
  booktitle="Neural Information Processing",
  year="2009",
  series="Lecture Notes in Computer Science",
  pages="530--539",
  publisher="Springer Verlag",
  address="Berlin / Heidelberg",
  isbn="978-3-642-10682-8"
}