Support Vector Machine for Network Intrusion and Cyber-Attack Detection

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-security threats are a growing concern in networked environments. The development of Intrusion Detection Systems (IDSs) is fundamental in order to provide extra level of security. We have developed an unsupervised anomaly-based IDS that uses statistical techniques to conduct the detection process. Despite providing many advantages, anomaly-based IDSs tend to generate a high number of false alarms. Machine Learning (ML) techniques have gained wide interest in tasks of intrusion detection. In this work, Support Vector Machine (SVM) is deemed as an ML technique that could complement the performance of our IDS, providing a second line of detection to reduce the number of false alarms, or as an alternative detection technique. We assess the performance of our IDS against one-class and two-class SVMs, using linear and non-linear forms. The results that we present show that linear two-class SVM generates highly accurate results, and the accuracy of the linear one-class SVM is very comparable, and it does not need training datasets associated with malicious data. Similarly, the results evidence that our IDS could benefit from the use of ML techniques to increase its accuracy when analysing datasets comprising of non-homogeneous features

Backtesting Expected Shortfall: a simple recipe?

We propose a new backtesting framework for Expected Shortfall that could be used by the regulator. Instead of looking at the estimated capital reserve and the realised cash-flow separately, one could bind them into the secured position, for which risk measurement is much easier. Using this simple concept combined with monotonicity of Expected Shortfall with respect to its target confidence level we introduce a natural and efficient backtesting framework. Our test statistics is given by the biggest number of worst realisations for the secured position that add up to a negative total. Surprisingly, this simple quantity could be used to construct an efficient backtesting framework for unconditional coverage of Expected Shortfall in a natural extension of the regulatory traffic-light approach for Value-at-Risk. While being easy to calculate, the test statistic is based on the underlying duality between coherent risk measures and scale-invariant performance measures