International Association of Engineers
In this paper, the authors describe results concerning the robustness and generalization capabilities of kernel methods in detecting intrusions using network audit trails. They use traditional Support Vector Machines (SVM) and Biased Support Vector Machines (BSVM), with leave-one-out model selection for support vector machines (looms) used for model selection. They also evaluate the impact of kernel type and parameter values on the accuracy of an SVM performing intrusion classification. Through a variety of comparative experiments, they find that SVM performs best for detecting the normal and user-to-super-user classes, BSVM performs best for Denial of Service (DoS) attacks, and looms based on BSVM performs best for probe and remote-to-local attacks.