Research on Cost-Sensitive Learning in One-Class Anomaly Detection Algorithms

  • Jun Luo
  • Li Ding
  • Zhisong Pan
  • Guiqiang Ni
  • Guyu Hu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


According to the Cost-Sensitive Learning Method, two improved One-Class Anomaly Detection Models using Support Vector Data Description (SVDD) are put forward in this paper. Improved Algorithm is included in the Frequency-Based SVDD (F-SVDD) Model while Input data division method is used in the Write-Related SVDD (W-SVDD) Model. Experimental results show that both of the two new models have a low false positive rate compared with the traditional one. The true positives increased by 22% and 23% while the False Positives decreased by 58% and 94%, which reaches nearly 100% and 0% respectively. And hence, adjusting some parameters can make the false positive rate better. So using Cost-Sensitive method in One-Class Problems may be a future orientation in Trusted Computing area.


Intrusion Detection Anomaly Detection System Call Support Vector Data Description Slide Window Size 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Forrest, S., Hofmeyr, S.A.: Computer Immunology [J]. Communications of the ACM, 88–96 (1997)Google Scholar
  2. 2.
    Hofmeyr, S., Forrest, S.: Principles of a computer immune system. In: Proceeding of New Security Paradigms Workshop, pp. 75–82 (1997)Google Scholar
  3. 3.
    Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusion Using System Calls: Alternative Data Models, pp. 114–117 (2002),
  4. 4.
    Forrest, S., Hofmeyr, S.A., Longstaff, T.A.: A sense of self for Unix Processes, pp. 120–128. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  5. 5.
    David, M.J.T.: One-class Classification. Ph.D. Dissertation (1999)Google Scholar
  6. 6.
    Manevitz, L.M., Yousef, M.: One-Class SVMs for Document Classification. Journal of Machine Learning Research, 139–154 (2001)Google Scholar
  7. 7.
    Chen, Y.Q., Zhou, X., et al.: One-class SVM for learning in image retrieval [A]. In: IEEE Intl Conf. on Image Proc. (ICIP 2001), Thessaloniki, Greece (2001)Google Scholar
  8. 8.
    Kohonen, T.: Self-Organizing Map. pp. 117–119. Springer, Berlin (1995)Google Scholar
  9. 9.
    Bishop, M.: A standard audit trail format. In: Proceeding of the 18th National Information Systems Security Conference, Baltimore, pp. 136–l45 (l995)Google Scholar
  10. 10.
    MIT lpr DataSet (2000),
  11. 11.
    Lee, W., Stolfo, S.J., Mok, K.W.A.: Data mining framework for building intrusion detection models. In: Proc the 1999 IEEE Symposium on Security and Privacy, Berkely, California, pp. 120–132 (1999)Google Scholar
  12. 12.
    Haykin, S.: Neural networks-A comprehensive foundation, 2nd edn. Tsinghua University Press, Beijing (2001)Google Scholar
  13. 13.
    Hattor, I.K., Takahashi, M.: A new nearest-neighbor rule in the pattern classification problem. Pattern Recognition, 425–432 (1999)Google Scholar
  14. 14.
    Kim, J., Bentley, P.: The Artificial Immune Model for Network Intrusion Detection. In: 7th European Conference on Intelligent Techniques and Soft Computing (EUFIT 1999), Aachen, Germany (1999)Google Scholar
  15. 15.
    Pan, Z.S., Luo, J.: An Immune Detector Algorithm Based on Support Vector Data Description [B]. Journal of Harbin University of Engineering (2006)Google Scholar
  16. 16.
    Rtsch, G., Schlkopf, B., Mika, S., Müller, K.R.: SVM and boosting: One class. Berlin, vol. 6 (2000)Google Scholar
  17. 17.
    Colin, C., Kristin, P., Bennett, A.: Linear Programming Approach to Novelty Detection[A]. Advances in Neural Information Processing System 13 (2001)Google Scholar
  18. 18.
    Zhang, X.F., Sun, Y.F., Zhao, Q.S.: Intrusion Detection Based On Sub-Set Of System Calls. ACTA Electronica Sinica 32 (2004)Google Scholar
  19. 19.
    Warrender, C., Forrest, S., Pearlmutter, B.: Detecting Intrusions Using System Calls, Alternative Data Models, pp. 133–145. IEEE Computer Society, Los Alamitos (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Jun Luo
    • 1
  • Li Ding
    • 1
  • Zhisong Pan
    • 1
  • Guiqiang Ni
    • 1
  • Guyu Hu
    • 1
  1. 1.Institute of Command Automation, PLA University of Science and Technology, 210007, Nanjing, Email: zyqs1981@hotmail.comChina

Personalised recommendations