Anomaly Detection using Machine Learning Classifiers KPCA-PRE vs. RBC-ORT with Comparative Analysis on Case Study

Authors

  • Goverdhan Reddy Jidiga, Department of Technical Education, Hyderabad, Telangana, India

DOI:

https://doi.org/10.32628/CSEIT25112868

Keywords:

Anomaly, PCA, ADS, Anomaly detection, Kernel, Machine Learning, KPCA, PRE, RBC-ORT, Regression

Abstract

Anomaly detection systems (ADS) in today's emerging applications are vulnerable to significant attacks because virus (anomaly) structures evolve rapidly and malicious code is injected into applications. Such attacks can cause substantial damage to an organization's critical applications. It is therefore essential to identify novel behaviour in applications and to model it using state-of-the-art machine learning classifiers. This research study presents KPCA (Kernel PCA) with PRE, a non-linear extension of PCA that classifies data and identifies anomalies by mapping the input space into a high-dimensional space. KPCA derives the key components from eigenvectors and uses them as a threshold in relation to the kernel width. Evaluated on datasets from the UCI machine learning library, KPCA, as a kernel-based approach, shows improved strength. Finally, when compared with the Rule Based Classifier with Ordered Regression Trees (RBC-ORT) and other techniques (PLSDA, SVM, CART, PCA, and k-NN) tested on the UCI datasets with different combinations of training and test sets, the performance of KPCA is improved with Parallel Reconstruction Error (PRE).
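The general idea the abstract builds on, scoring a point by its kernel PCA reconstruction error in feature space, is sketched below as an added example; it is not the paper's code and does not implement its Parallel Reconstruction Error (PRE) variant. The ring-shaped training data, the kernel width `sigma`, the component count `q` and the quantile threshold are all assumptions chosen for illustration.

```python
import numpy as np

def rbf(A, B, sigma):
    """Gaussian kernel matrix k(a, b) = exp(-||a - b||^2 / (2 sigma^2))."""
    d2 = ((A[:, None, :] - B[None, :, :]) ** 2).sum(axis=-1)
    return np.exp(-d2 / (2.0 * sigma ** 2))

def fit_kpca(X, sigma, q):
    """Eigendecompose the centred kernel matrix and keep the top q components."""
    n = len(X)
    K = rbf(X, X, sigma)
    one = np.full((n, n), 1.0 / n)
    Kc = K - one @ K - K @ one + one @ K @ one   # centre in feature space
    lam, vec = np.linalg.eigh(Kc)                # eigenvalues in ascending order
    lam, vec = lam[::-1][:q], vec[:, ::-1][:, :q]
    return {"X": X, "sigma": sigma, "alpha": vec / np.sqrt(lam),
            "row_mean": K.mean(axis=0), "all_mean": K.mean()}

def recon_error(m, Z):
    """Squared feature-space distance from each row of Z to the KPCA subspace."""
    Kz = rbf(Z, m["X"], m["sigma"])
    kz_mean = Kz.mean(axis=1, keepdims=True)
    Kzc = Kz - kz_mean - m["row_mean"] + m["all_mean"]    # centred test kernel
    proj = Kzc @ m["alpha"]                               # principal components
    sphere = 1.0 - 2.0 * kz_mean[:, 0] + m["all_mean"]    # k(z, z) = 1 for RBF
    return sphere - (proj ** 2).sum(axis=1)

def demo(sigma=0.4, q=10, quantile=0.99):
    # Constructed "normal" data: a noisy unit ring, which linear PCA cannot model.
    rng = np.random.default_rng(0)
    theta = np.linspace(0.0, 2.0 * np.pi, 200, endpoint=False)
    r = 1.0 + rng.normal(0.0, 0.05, size=200)
    X = np.column_stack([r * np.cos(theta), r * np.sin(theta)])
    model = fit_kpca(X, sigma, q)
    # Assumed thresholding rule: a high quantile of the training errors.
    threshold = np.quantile(recon_error(model, X), quantile)
    # Constructed test points: on the ring, at its centre, far outside.
    Z = np.array([[np.cos(0.3), np.sin(0.3)], [0.0, 0.0], [3.0, 3.0]])
    errs = recon_error(model, Z)
    return threshold, errs, errs > threshold

if __name__ == "__main__":
    print(demo())
```

The point at the ring's centre sits at the training mean, so a linear PCA model would not separate it; the kernel reconstruction error does.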



Published

29-04-2025

Section

Research Articles