21,640 research outputs found

    Anomaly detection in vessel tracking using Support Vector Machines (SVMs)

    The paper is devoted to a supervised method approach to identify the vessel anomaly behavior in waterways using the Automated Identification System (AIS) vessel reporting data. In this work, we describe the use of SVMs to detect the vessel anomaly behavior. The SVM is a supervised method that needs some prior knowledge to extract the maritime movement patterns of AIS raw data into information. This is the basis to remodel information into a meaningful and valuable form. The result of this work shows that the SVM technique is applicable to be used for the identification of vessel anomaly behavior. It is proved that the best accuracy result is obtained from dividing raw data into 70% for training and 30% for testing stages.

    Anomaly Detection in Time Series Data Using Support Vector Machines

    Analysis of large data sets is increasingly important in business and scientific research. One of the challenges in such analysis stems from uncertainty in data, which can produce anomalous results. In this paper, we propose a method of anomaly detection in time series data using a Support Vector Machine. Three different kernels of the Support Vector Machine are analyzed to predict anomalies in the UCR public data set. Comparison of the three kernels shows that the defined parameter values of the RBF kernel are critical for improving the validity and accuracy in anomaly detection. Our results show that the RBF kernel of the Support Vector Machine can be used to advantage in detecting anomalies. The 2021 International Conference on Artificial Life and Robotics (ICAROB 2021), January 21-24, 2021, Higashi-Hiroshima (changed to online format)

    nu-Anomica: A Fast Support Vector Based Novelty Detection Technique

    In this paper we propose nu-Anomica, a novel anomaly detection technique that can be trained on huge data sets with much reduced running time compared to the benchmark one-class Support Vector Machines algorithm. In nu-Anomica, the idea is to train the machine such that it can provide a close approximation to the exact decision plane using fewer training points and without losing much of the generalization performance of the classical approach. We have tested the proposed algorithm on a variety of continuous data sets under different conditions. We show that under all test conditions the developed procedure closely preserves the accuracy of standard one-class Support Vector Machines while reducing both the training time and the test time by 5 - 20 times.

    Using Self-Organizing Maps for Computer Network Intrusion Detection

    Anomaly detection in user access patterns using artificial neural networks is a novel way of combating the ever-present concern of computer network intrusion detection for many entities around the world. Anomaly detection is a technique in network security in which a profile is built around a user's normal daily actions. The data collected for these profiles can be as follows: file access attempts; failed login attempts; file creations; file access failures; and countless others. This data is collected and used as training data for a neural network. There are many types of neural networks, such as multi-layer feed-forward network; recurrent networks; support vector machines; and others. For our study, we implemented our own self-organizing map (SOM), which we found to not be as heavily researched as other neural network approaches. Using the KDD Cup 99 dataset, we compared our own SOM implementation against other neural network implementations and determine the effectiveness of such an approach.

    A Hybrid Classification Framework for Network Intrusion Detection with High Accuracy and Low Latency

    Network intrusion detection (NIDS) is a crucial task aimed at safeguarding computer networks against malicious attacks. Traditional NIDS methods can be categorized as either misuse-based or anomaly-based, each having its unique set of limitations. Misuse-based approaches excel in identifying known attacks but fall short when dealing with new or unidentified attack patterns. On the other hand, anomaly-based methods are more adept at identifying novel attacks but tend to produce a substantial number of false positives. To enhance the overall performance of NIDS systems, hybrid classification techniques are employed, leveraging the strengths of both misuse-based and anomaly-based methods. In this research, we present a novel hybrid classification approach for NIDS that excels in both speed and accuracy. Our approach integrates a blend of machine learning algorithms, including decision trees, support vector machines, and deep neural networks. We conducted comprehensive evaluations of our approach using various network intrusion datasets, achieving state-of-the-art results in terms of accuracy and prediction speed

    Support Vector Machine for Network Intrusion and Cyber-Attack Detection

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Cyber-security threats are a growing concern in networked environments. The development of Intrusion Detection Systems (IDSs) is fundamental in order to provide an extra level of security. We have developed an unsupervised anomaly-based IDS that uses statistical techniques to conduct the detection process. Despite providing many advantages, anomaly-based IDSs tend to generate a high number of false alarms. Machine Learning (ML) techniques have gained wide interest in tasks of intrusion detection. In this work, Support Vector Machine (SVM) is deemed as an ML technique that could complement the performance of our IDS, providing a second line of detection to reduce the number of false alarms, or as an alternative detection technique. We assess the performance of our IDS against one-class and two-class SVMs, using linear and non-linear forms. The results that we present show that linear two-class SVM generates highly accurate results, and the accuracy of the linear one-class SVM is very comparable, and it does not need training datasets associated with malicious data. Similarly, the results evidence that our IDS could benefit from the use of ML techniques to increase its accuracy when analysing datasets comprising of non-homogeneous features.

    Learning Multimodal Deep Representations for Crowd Anomaly Event Detection

    Anomaly event detection in crowd scenes is extremely important; however, the majority of existing studies merely use hand-crafted features to detect anomalies. In this study, a novel unsupervised deep learning framework is proposed to detect anomaly events in crowded scenes. Specifically, low-level visual features, energy features, and motion map features are simultaneously extracted based on spatiotemporal energy measurements. Three convolutional restricted Boltzmann machines are trained to model the mid-level feature representation of normal patterns. Then a multimodal fusion scheme is utilized to learn the deep representation of crowd patterns. Based on the learned deep representation, a one-class support vector machine model is used to detect anomaly events. The proposed method is evaluated using two available public datasets and compared with state-of-the-art methods. The experimental results show its competitive performance for anomaly event detection in video surveillance

    Classifying malicious windows executables using anomaly based detection

    A malicious executable is broadly defined as any program or piece of code designed to cause damage to a system or the information it contains, or to prevent the system from being used in a normal manner. A generic term used to describe any kind of malicious software is Malware, which includes Viruses, Worms, Trojans, Backdoors, Root-kits, Spyware and Exploits. Anomaly detection is a technique which builds a statistical profile of the normal and malicious data and classifies unseen data based on these two profiles. A detection system is presented here which is anomaly based and focuses on the Windows® platform. Several file infection techniques were studied to understand what particular features in the executable binary are more susceptible to being used for the malicious code propagation. A framework is presented for collecting data for both static (non-execution based) as well as dynamic (execution based) analysis of the malicious executables. Two specific features are extracted using static analysis, Windows API (from the Import Address Table of the Portable Executable Header) and the hex byte frequency count (collected using Hexdump utility), which have been explained in detail. Dynamic analysis features which were extracted are briefly mentioned and the major challenges faced using this data are explained. Classification results using Support Vector Machines for anomaly detection are shown for the two static analysis features. Experimental results have provided classification results with up to 94% accuracy for new, previously unseen executables.